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Description 

Field of the Invention 

The invention relates to the field of integrated circuit 
(IC) cards (also referred to sometimes as "chip cards"), 
and in particular to IC card readers. 

Background of the Invention 

A so-called integrated circuit card, also referred to 
as a "smart card" and/or an "IC card" herein, is a credit 
card-sized carrier substrate, generally formed of a plas- 
tic material, which carries circuitry for storing informa- 
tion, such as financial information. These cards are 
gaining acceptance with many consumers as an alter- 
native to cash for purchases. Smart cards can already 
be used in many countries of the world instead of coins 
or paper currency to make purchases. In a typical smart 
card electronic cash system, an IC on the card, either 
with an on-board micro-processor or just a memory 
chip, stores information, i.e., a 'token," which repre- 
sents the value or Tjafance" of electronic cash remain- 
ing on the card. As the user makes purchases with the 
card, this stored value is decreased electronically (inter- 
nally) by the amount of the purchase. 

Therefore, these IC cards are similar to a credit 
card with embedded inte grate d circuitry including, for 
example, both volatile and nonvolatile memory ele- 
ments. The f inancial information is stored in these mem- 
ory elements. In order to access the information in the 
IC card, an interface device, i.e., an IC card "reader," is 
required. There are two different kinds of IC card 
reader/interface systems classified based on their size 
and functionality. The first kind of IC card reader/inter- 
face device is referred to as a terminal device, ag., a 
point of sale (POS) terminal, used for financial transac- 
tions. These device generally have a large size (form 
factor), but they have the capability to connect to other 
on-line systems, such as a financial institution, to pro- 
vide a communication path between the IC card and the 
on-line systems. Due to their relatively large size, these 
terminals are mostly stationary and therefore cannot be 
carried around by the IC card user. 

The second type of IC card reader/interface device 
is the portable IC card reader. Presently, these device 
are only used to provide static data display of the stored 
card information, and do not have the capability to con- 
nect to an on-line system to provide more sophisticated 
applications for the IC card. 

There is also a variation of the first type of known IC 
card reader/interface device which is not as large as the 
usual terminal type, but is not as readily movable as the 
portable type. An example of this variation is descrfoed 
in Hirokawa (U.S. Patent 4,672,182). Such a device is 
designed to function with a personal computer as an 
add-on, but does not function as a stand alone unit, in 
contrast with the portable type device mentioned earlier. 



Such a device is, therefore, more like a terminal type 
device than a portable device, simply making the per- 
sonal computer into an IC card terminal. 

As should be dear from the above, the two basic 

5 kinds of reader/interface systems for IC cards offer 
either portability or connectivity, but not both. The termi- 
nal device is too large to be portable, and the portable 
device has limited functionality, lacking any communica- 
tion ability, as compared with the terminal device. There 

io is therefore a need for an IC card reader/interface sys- 
tem combining the benefits of both the terminal and 
portable type devices. 

The portable type device have the advantage of 
being small enough to carry on one's person. However, 

is the existing portable device does not provide very much 
functionality to the user, primarily merely providing the 
ability to view the value stored on the IC card. Additional 
functionality would be desirable, for example, when a 
POS terminal type device is not readily available 

20 In order to provide communications capabilities 
with external device, the data stored on the IC card must 
be converted to a form readily transmittable to external 
device, and reliability of the transmission must be 
assured. To meet this goal, there is a need for a pro- 

25 grammed interface to implement the data conversion 
and transfer between the IC card and external device 
through a portable reader. 

However, to provide communications capabilities 
for a portable type device, there are various technical 

30 hurdles to overcome. For example, interface circuitry 
must be compact yet provide sufficient communication 
ability, in order to provide the desirable functionality 
without sacrificing the small size of the typical portable 
device. In particular, interface connections must be 

35 designed so as not to unduly increase the thickness of 
the device which would make it unsuitable for carrying in 
a wallet or shirt pocket, for example. 

ft should also be mentioned that there are a number 
of U. S. patents relating to various IC cards, card read- 

40 ers and related background technology, and some of 
these are now listed (alphabetically): Avery et al. 
(4,719,338); Bergeron (4,764,666); Broschard, III 
(5,599,203); Burkart (5,584,043); Dethloff et al. 
(4,968,873); Diehl et al. (5,128,523); Guion (4,675,516); 

45 Hara et al. (4,918,631); Harris Jr. et al. (Des. 323,489); 
Hirokawa (4,672,182); Huis et al. (5.550,361); Itjima 
(5.369,760); lijima (5.581.708); fshii et al. (5,541.985); 
twamoto et al. (Des. 370.213); Johnson et al. 
(5.149.945); Kapp et al. (5. 233,547); Koenck et al. 

so (5,410,141); Kreft (5,619,683); Kumar (5,265,951); 
Kuwano et al. (4,922,1 1 1); Lei (5,373,146); Luong (Des. 
348,439); Marceau et al. (5,491,326); Masuzawa et al. 
(5,015,830); Mori (4,877,947); Nitta (4,851,654); Oogita 
(5,227,615); Ozawa et al. (5,357,091); Parienti 

ss (5.18937); Rey (5,272,319); Roberts et al. 
(5,438,184); Shino (5,296,692); Takahasrri (5,406,064); 
Tatsuno (4,870,604); Terada et al. (5,561 ,628); Ugon et 
al. (4,523,297); Vandenengel (5.517,011); and Yoshi- 
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matsuelal. (5,615,388). 

Further regarding functionality, while the electronic 
nature of the IC "cash" provides convenience, it also 
presents some problems or li m it a tions for the user or 
owner of the card. In particular, there are limitations and s 
problems associated with calculating the expected bal- 
ance remaining on a smart card after a purchase. For 
example, when a consumer makes a normal purchase 
with a cash transaction using coins or paper currency, 
an amount greater or equal to the exact pirchase price 10 
is given to the retailer, after which the retailer returns the 
appropriate amount of change, i.e., the difference 
between the purchase amount and the amount ten- 
dered. Upon receiving the change, the consumer can 
easily verify that the correct amount of change has been 75 
returned by counting with the change upwards starting 
from the purchase amount to the amount tendered, lor 
example. 

For example, a consumer makes a purchase for 
$12.73, and gives the merchant $15, using a ten dollar 20 
bill and a five dollar bill. The merchant returns $227 to 
the consumer, giving two one dollar bills, one quarter, 
and two pennies. The consumer verifies that this is the 
correct change amount by counting upwards with the 
change, for example: $12.73 plus $2 = $14.73; $14.73 2s 
plus 2 cents = $14.75; and $14.75 plus 25 cents = 
$1 5.00, the amount tendered. 

This calculation is fairly easy to make as it does not 
require any subtraction with carry, for example, and can 
also be done step-by-step with the cfifferent currency 30 
units returned. In some simpler cases, the consumer 
may also elect to give the exact change, or the exact 
change for only the decimal part of the value For exam- 
ple, on a purchase of $12.73, the consumer has the 
option, if he has the change available, of paying the 35 
exact amount of $12.73, or alternatively, paying the 
exact amount for the decimal portion, e.g.. $15.73. In 
either of these cases the expected change calculation is 
simplified further or unnecessary. 

However, when a purchase is made using elec- 40 
tronic means, La, an IC card, calculating the expected 
change is considerably more cfiff icurt, whDe at the same 
time the requirement to do so is even stronger, since 
one could be short-changed without knowing it While in 
a paper/coin transaction, the consumer typically only 45 
gives the retailer the lowest possHe amount of money 
contained in his purse or wallet, in the case of smart 
card electronic transactions, the consumer is required 
to present the complete value contained within the IC 
card to the retailer. This clearty increases the risk of so 
being short-changed by the retailer. 

The calculations required to compute the expected 
change are made much more difficult in this case for at 
least the following reasons: 

55 

1. The amount or balance on the smart card will 
rarely be an integral number of currency units or 
contain the exact decimal value of the purchase. 



For instance, on the previous purchase of $12.73, 
the consumer may already have a balance of 
$16.22 on his or her card. 
2. The consumer must calculate the expected bal- 
ance on his or her card after the purchase by per- 
fbrming a subtraction of the purchase price from the 
balance previously on his or her card. In other 
words, it is not posstole to count up from the pur- 
chase price since no change is physically returned. 
The transaction is essentially equivalent to the con- 
sumer giving his or her full wallet to the retailer, and 
relying on the retailer to remove the correct amount 
of money. In many cases, this subtraction will also 
require one or more carries, increasing the chances 
for error on the part of the consumer. For instance, 
on the purchase of $12.73 on a card containing 
$16.22, two carries are required due to the decimal 
amounts. 

Therefore, there is a need for a way to allow the 
consumer to be able to easily determine the expected 
remaining balance on his or her IC card prior to and/or 
after an electronic cash purchase. 

With the need for providing increased functionality, 
as described above, comes the need for a source of 
power adequate to provide the energy consumed by the 
associated electronics. IC card reader devices in the 
past had a sole source of energy, either from the inter- 
nal batteries or an external means. These and other 
problems are addressed by various aspects of this 
invention relating to smart power management, which 
can manage several sources of energy simultaneously. 
When the reader is engaged with an external system, 
the internal batteries or an additional energy source can 
be activated when required for operation. 

Summary of the Invention 

It is an object of the invention to provide an 
enhanced portable IC card reader device. 

It is a further object of the invention to provided a 
device which overcomes the problems mentioned 
abova 

These and other objects of the present invention 
are accomplished by the method and apparatus dis- 
closed herein. 

An exemplary embodiment of the IC card reader 
according to the invention is advantageously provided 
with an input-output (I/O) port for connecting an external 
interface module to provide communication capability 
and functionality comparable to the terminal type 
reader. Further, the interface module can take a variety 
of forms, including RS232, infra-red (IR), radio fre- 
quency (RF) or a modem for interfacing with telephone 
lines. 

The problems associated with interfacing with an 
external device without adversely affecting the device 
thickness, is solved according to one aspect of the 
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invention by flexing, or bending, the circuit board. In par- 
ticular, the board VO fingers are extended so the board 
is flexed without undue stress. Near the I/O connector, 
the board is hekJ between two surfaces in the surround- 
ing plastic case to hold it perpendicular to the outside s 
waD. 

An exemplary embodiment of the invention having 
a solution to the problem of determining the expected 
change in an electronic transaction by allowing the con- 
sumer to easily calculate the expected remaining bal- to 
ance on his or her smart card prior to a purchase This 
invention proposes a simple solution to the problem of 
verifying the correct purchase amount and expected 
balance when using smart card electronic cash for pur- 
chases. It combines a card reader with a keypad in such is 
a way that the user can quicWy and accurately verify the 
expected balance on his or her card following a pur- 
chase. 

An exemplary embodiment of the invention having 
a battery compartment for holding two batteries to pro- 20 
vide the power necessary to operate the electronics 
associated with the increased functionality, is provided 
according to another aspect of the invention. 

Brief Description of the Drawings 2s 

These and other features, aspects and advantages 
are provided by errtxxfimerrts of the invention descrfoed 
below in the detailed description of the invention and 
illustrated in the accompanying drawings, in which: 30 

Figs. 1 and 1A-1C illustrate the external appear- 
ance of the IC card reader/interface device accord- 
ing to an exemplary embodiment of the invention; 
Fig. 2 is an exploded view of the exemplary device 35 
of Fig. 1, showing how an interface adapter plug 
would connect to the device and how batteries 
would be placed according to an exemplary embod- 
iment of the invention; 

Figs. 3 and 3A-3F illustrate a battery tray according 40 
to an exemplary embodiment of the invention; 
Fig. 4A is a transparent view of the IC card reader 
device according to one exemplary embodiment of 
the invention, with an interface module connector 
connected thereto; *s 
Fig. 4B is a side view of the device according to Fig 
4A showing the connector channel; 
Fig. 5 is a cross section showing how the circuit 
board of an exemplary embodiment of the device is 
bent and held in place; so 
Fig. 6 is an illustration of an exemplary embodiment 
of the device showing a pair of devices and inter- 
face modules, one with an interface module and 
connector in a connected condition, and one in an 
unconnected condition with the battery tray pulled 
out; 

Fig. 7 illustrates the same arrangement as Fig. 6 
except that the pair of devices are viewed from a 



cSfferent side, and the battery tray pulled out is not 
shown; 

Rgs. 8A and 8B illustrate an embodiment of the 
device and a basic block diagram of the exemplary 
embodiment, where the interface module has 
RS232 type transceiver circuitry; 
Rgs. 9A-9C illustrate an interlace according to an 
exemplary embodiment of the invention, showing 
connector ends and the cable therebetween; 
Rg. 1 0 is a state diagram of three operating modes 
and the transitions therebetween according to an 
exemplary embodiment of the invention; 
Rgs. 10A, 10Band10C are portions of a flow chart 
of the operation of an exemplary embodiment of the 
invention; 

Rg. 11 is a flow chart of the operation of an inter- 
face system according to an exemplary embodi- 
ment of the invention; 

Rg. 12 is a block (Sagram of an exemplary embodi- 
ment of the invention having a PC interface unit; 
Rg. 1 3 is a block cfap/am of an exemplary embodi- 
ment of the invention having an infra-red (IrDA) 
interface system; 

Rg. 14 is a block diagram of an exemplary embodi- 
ment of the invention having a radio frequency (RF) 
interface system; 

Rg. 15 is a block dap/am of an exemplary embodi- 
ment of the invention having a modem interface 
unit; 

Rg. 16 is a block oSagram of an exemplary embodi- 
ment of the invention having a modular interface 
system, and showing the three layers of communi- 
cation protocol; 

Rg. 1 7 is a flow chart for a first exemplary embodi- 
ment of a change-checking method according to 
the invention; 

Rg. 18 is a flow chart for a first alternate exemplary 
embodiment of a change-checking method accord- 
ing to the invention; 

Rg. 19 is a flow chart for a second alternate exem- 
plary embodiment of a change-checking method 
according to the invention; 
Rg. 20 is a flow chart for a third alternate exemplary 
embodiment of a change-checking method accord- 
ing to the invention; 

Rg. 21 is a schematic diagram for an exemplary 
embodiment of an interface system according to 
the invention; and 

Rg. 22 is a schematic diagram of an exemplary 
embodiment of the invention. 

Detailed Description of the Preferred Embodiments of 
the Invention 

55 The invention will now be described in more detail 
by way of example with reference to the embodiments 
shewn in the accompanying figures. It should be kept in 
mind that the following described embodiments are pre- 
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sented only by way of example, and should not be con- 
strued as limiting the inventive concept to any particular 
physical configuration. 

An exemplary embodiment of the invention is illus- 
trated in Fig. 1. An embodiment of the present invention 
in a commercial form is known as the VaJueChecker- 
PLUS (VC+). This product is an enhancement over the 
original VaiueChecker, incorporating enhanced capabil- 
ity and functionality (Value-Checker and ValueChecker- 
PLUS are proprietary trademarks and all rights are 
reserved). (ValueChecker+ will also be used herein for 
ValueCheckerPLUS.) 

The portable reader device 101 (ValueChecker+) of 
Fig. 1 includes a case 102 made of plastic, for example, 
a display 104, and a keypad 106K. The keypad 106K is 
a keypad entry (module) to allow a user to select a vari- 
ety of predefaied functions for use with IC cards. As 
illustrated, there is a 4 by 5 matrix of numeric and func- 
tion keys, including as one column of the matrix, four 
arrow keys. The illustrated embodiment uses a pinpad- 
sized keypad having a 4 by 5 matrix. However, the 
invention is not limited to this particular key arrange- 
ment, but may encompass other key arrangements 
within the scope of the invention defined in the claims. A 
battery tray 112 is provided along one side of the 
device. A face plate or cover 114 is provided and bears 
the trademark and company name in the illustration. A 
slot 108 with a finger cut-out is provided for insertion 
and removal of an IC card. As can be appreciated from 
Fig. 1, the device is not much larger in dimensions than 
an IC card itself, enabling it to be placed conveniently in 
a shirt pocket or wallet, for example, due to the ingenuity 
of the engineering and design. The placement of ele- 
ments described is subject to variation within the spirit 
of the invention. The placement shown in Fig. 1 is for the 
purposes of illustration of an exemplary embodiment of 
the invention. 

An interface connector channel 1 1 0 is illustrated as 
provided along one edge of the case 1 02. With an addi- 
tional interface module, ag.. a personal computer 
adapter (PCA) which will be descrfced in more detail 
later, the capability to interface an IC card with a per- 
sonal computer (PC) through the portable reader device 
101 is provided. The embodiments of the VC+ PCA 
descrbed later herein, are of a similar size and shape 
(form factor) as those which could be used with the pre- 
vious VaiueChecker device. 

As mentioned at the outset, the compact design of 
the VC+ portable reader device 101 is one factor that 
differentiates it from previously known IC card reader 
devices, e.g., desktop smart card readers and POS ter- 
minals, and gives it the advantageous portability. The 
advantageous sGm design opens up a variety of useful 
application possibilities for the mobile world in which we 
live. 

In the illustrated, exemplary preferred embodiment, 
the portable reader device 101 is generally rectangular 
and sized to fit comfortably into a standard shirt pocket 



or wallet However, other shapes and sizes are possible 
within the spirit of the invention, so long as the benefits 
of compact size and convenience are maintained. 
Besides providing an interface to the PC environ- 

s ment when operating with the PCA, the VC+ when oper- 
ating in the standalone mode is also capable of 
providing selective information from the IC card to a 
user. An on-board key pad entry (module) enables the 
user to control the operation of the portable reader 

io device 101. 

Providing ample power for the increased functional- 
ity is another object of the invention. With reference to 
Figs. 2 and 3, for example, a battery tray 204 having 
space tor two batteries 210 is illustrated. The battery 

15 tray 204 may be located on any of the edges of the case 
102, and slides in and out for easy access by way of a 
finger slot As illustrated, contacts 206 and 208 electri- 
cally connect the batteries 21 0 to the electronic circuitry 
of the portable reader device 101 (ag., a painted circuit 

20 board PCB). A circuit board 106 has the keys of keypad 
106K disposed thereon, along with the electronics 
required for operation, which will be descrbed later, and 
thus forms a key pad entry module 106. The circuit 
board is connected to the display by a ribbon connector 

2s 202 in the illustrated embodiment 

Providing a compact, modular IC card (chip card) 
interface system is another object of the invention. As 
mentioned before, the two kinds of conventional 
reader/interface systems for IC cards offer either porta- 

30 bility or connectivity, but not both. In this invention, a 
novel modular IC card interface system is described. 
The modular IC card interface system is not only small 
enough to be portable, but also versatile enough to be 
capable of communicating with other systems through 

35 different mediums (e.g., RF, IR and RS232). An embod- 
iment of the system according to the invention includes 
essentially two parts. The first part is a portable reader 
device 101 (Fig. 1) with the key pad entry (module) 106, 
an LCD display (module) 104, and an interface connec- 

40 tor channel 1 10 (port). The second part is the interface 
modules) including connectors, circuitry and cabling, 
ag., 600 (see Fig. 6). 

Figs. 1, and 1A-1C illustrate the external appear- 
ance of the IC card portable reader device 101 accord- 

45 ing to an emboolment of the invention and Fig. 2 is an 
exploded view of the portable reader device 101 of Fig. 
1, showing an interface adapter plug 218 which would 
connect to the portable reader device 1 01 , and how bat- 
teries 210 would be placed according to an emboolment 

so of the invention. Adapter plug 218 has an electrical plug 
220 which couples with connections 222 on an exten- 
sion of the circuit board, as illustrated. As will be 
described later in more detail, this portion of the circuit 
board is flexed to provide a more compact yet sturdy 

55 design. 

Fig. 2 also illustrates a bottom cover 214, IC card 
channel cover 212, the main portion of the case 102 and 
the top cover plate 114 in an exploded fashion. Figs. 3, 
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and 3A-3F show the battery tray 204 and contacts 206, 
208, enlarged and in more detail. 

Rg. 4A shows the connection of the portable reader 
device 101 to the connector 218 in a transparent view. 
The connector 218 engages the extended portion of the 
droit board as previously descrfoed, at the interface 
connector channel 110 (shown also in Fig. 4B). The 
flexing of the circuit board in this area is shown in the 
cross section of Fig. & By flexing, the length V of the 
flex portion of the board is reduced, making for a more 
compact overall design. Maintaining a reduced thick- 
ness of the hand held IC card reader is an object of the 
invention. For a hand held IC card reader, the form fac- 
tor is important in ensuring the device is convenient and 
easy to carry. Optimizing size and weight are two of the' 
many factors required to achieve these goals. One 
dimension may be more important to the convenience 
of a hand held device than another. In the case of the 
design of a hand held IC card reader according to the 
present invention, the thickness of the device is impor- 
tant to portability. A device of this size should be able to 
easily fit into a shirt pocket, wallet or a small purse, and 
the thickness dimension largely determines how easily 
it can be carried in a shirt pocket or a wallet, for exam- 
ple. 

As already mentioned above, the IC card portable 
reader device 101 according to the invention is advanta- 
geously provided with an input-output (I/O) port for con- 
necting to external device, ft is common for circuit board 
edge contacts, or "fingers," to be used as an I/O con- 
nector to exit a computer or other electronic system 
enclosure, for example. However, generally, in these 
cases, size is not a driving factor, and therefore ample 
space for a mating connector is usually available, or the 
circuit board is positioned such that connecting cable 
thickness does not require a change in the height of the 
device enclosure. 

In the case of the IC card portable reader device 
101 according to the present invention, the printed cir- 
cuit board is provided as a second layer of the device 
structure at the top; for example (see Rg. 2, an 
exploded view of one embodiment of the device). This 
permits using a lew cost covering label as the faceplate 
or cover 114 to finish off the device and complete the 
membrane switch keypad 106K at the same time. 

However, if the I/O connection fingers 222 were not 
somehow repositioned below the covering label 114, 
there would be a need to create a bump in the surround- 
ing case 102, or to expose the connection fingers 222 
themselves and cause the adapter plug 218 to protrude 
above the top of the portable reader device 101. This 
problem is solved according to one aspect of the inven- 
tion by flexing, or bending, the circuit board as will be 
further descrfced below, and is illustrated in Fig. 5. 

Regarding the idea of bending a printed circuit 
board, it is only known to use this concept with flextole 
contacts which are in the form of a cable connecting, for 
example, internal electronic circuit boards in a device In 



the present case, a substrate thicker than such flexible 
contacts was needed for the external cable system to 
connect to, ag., a printed circuit board thickness of 
about 0.020 in. (0.5mm). This thickness requirement 
5 caused two design problems which needed to be over- 
come and which could have resulted in a substantial 
increase in the thickness of the portable reader device 
101. 

The problem area was at the VO adapter plug 218 
io and connector 220 which, when connected to the circuit 
board at connection fingers 222, would have protruded 
above the plane of the covering label 1 1 4. Conventional 
design practices would have simply increased the thick- 
ness in order to fit the requirements of the I/O adapter 
is plug. However, keeping thickness minimized is an 
object of the invention. Therefore, in the present inven- 
tion, a non-standard, counter-intuitive bending of the cir- 
cuit board below the plane of the label 114 was used to 
keep the portable reader device 101 from getting any 
20 thicker. However, by doing this there were two design 
considerations which had to be taken into account 

1) the board could not be flexed beyond its elastic 
limit without becoming fatigued or snapping; and 
25 2) the connector region of the board should ideally 
be perpendicular to the external wall of the sur- 
rouncfing device case or else the connector contact 
integrity could be compromised. 

30 To deal with these problems and design considera- 
tions, the circuit board I/O connection fingers 222 were 
extended, eg., approximately 10 mm in an exemplary 
embodiment, so that the circuit board could be safety 
flexed. Near the I/O connector region, the board is held 

as firmly between two surfaces S1, S2 in the case 102 
which holds it perpendicular to the outside wall of the 
portable reader device 101 (see Fig. 5). 

In this design, there is a thin slot, ag., about 6mm 
thick, which can be created by a slide or side action in 

40 tooling. This slot creates an upper and a lower surface 
S1 . S2 to hold the flexed printed circuit board and (PC B) 
perpendicular to the outside edge of the portable reader 
device 101. To assemble the portable reader device 
101, first the PCB I/O connection fingers 222 are 

45 inserted into this slot between surfaces S1 and S2. 
Then the PCB is held down against the top of the case 
1 02 while screws, or a heat stake process, for example, 
secures the PCB into the case 102. The case features 
and the length of the PCB I/O connection fingers 222 

so will automatically align and position the fingers 222 at 
the correct location (see Figs. 2 and 5). 

In Fig. 5, an arrangement of the flexed circuit board 
is illustrated in a cross-sectional view. The adapter plug 
218 easily connects to the edge E of the circuit board 

55 through the slot provided, the edge of the circuit board 
being held perpendicular between surfaces S1, S2 of 
the device case 102. Where the circuit board is flexed 
over the portion of length L and then brought back to 
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parallel, the covering label 114 can be installed flush 
with the top of the case 102 to form the membrane 
switch keypad 106K 

Figs. 6 and 7 show two different views of an inter- 
face module 600 and card portable reader device 101, s 
in attached and unattached conditions. As can be seen, 
the module case 602 is coupled via cable 604 to the 
connector 218, previously described. The module case 
602 is shown with knobs 606 which are used to attach 
the module case 602 to a standard interface socket (not to 
shown) such as is provided on the back of a PC or 
modem, for example. Threaded tips 606A are for screw- 
ing into threaded sockets to secure a plug 702 on the 
module case 602 to the external device, e.g., PC or 
modem, in question. is 

Figs. 8A and 8B show an embodiment of the porta- 
ble reader device 101 and a basic block diagram off an 
embodiment of the electronic system of the device 101 , 
and an interface module case 802 having therein an 
RS232 type transceiver circuit. A cable 804 couples the 20 
module case 802 to a connector 81 8, which connects to 
the portable reader device 101 at the interface connec- 
tor channel 110. In this way, a rricrocontroller unit 
(MCU) 806 of the portable reader device 101 is inter- 
faced for input and output with an external device 2s 
through an interface port 820 and circuitry in the modiie 
case 802. The MCU 806 is coupled to the display 104, 
to the keypad 106K, and to an interface port 808 to an 
IC card 810 which can be inserted into the portable 
reader device 101 . The RS-232 transceiver circuitry in 30 
the module case 802 interfaces to an RS-232 port of a 
PC or modem, for example, through a standard connec- 
tor. 

Fig. 8B is the block diagram of a typical embodi- 
ment of the invention, i.e.. a VC+ portable reader device 3S 
101 with a PCA interface system 802, 804, 818. A sum- 
mary of the system is now presented. The MCU 806 of 
the portable reader device 101, in an exemplary pre- 
ferred embodiment has the following features and char- 
acteristics. The MCU 806 is, for example, an 8 bit micro- 40 
controller with an internal LCD driver circuit to support 
up to a 12-character LCD display (a total of 116 seg- 
ments) 104, a keypad interface for a 4 by 5 keypad 
matrix, an interface port 820 for a cable system, and an 
interface port 808 for an IC-card 810. Other types of 45 
micro-controllers could be used as one skilled in the art 
would understand, as could different keypads, and dis- 
plays, the above description of a typical embodiment 
being presented for purposes of example and explana- 
tion only. so 

A typical LCD display 104 in an exemplary embodi- 
ment has the following characteristics. Display 104 is, 
for example, a ten-character display (a 12 numeric 7 
segments display), wherein 5 additional segments can 
be used for special icons. Display 104 operates on 5 ss 
volts, and has ratios off 1/3 bias and 1/4 cfajrty cycle, for 
example. 

A typical keypad 106K in an exemplary embodi- 
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ment has/ for example, 20 keys arranged in 4 by 5 
matrix (10 keys for digits and 10 keys for other func- 
tions). Keypad 106K has, applied thereon, for example, 
a printed silver ink top label 114, and the key witches 
would typically be membrane switches disposed as a 
keypad matrix on the top surface of the circuit 

A typical IC card interface port 808 in a preferred 
embodiment is compatible with ISO-7816, for example, 
and uses an off-the-shelf IC card connector (not shown) 
with card-in detection. According to the invention, a 
modified ISO protocol format would typically be used. 
The communication between the circuitry module case 
802 and the portable reader device 101 through a 4 pin 
interface PC port 820, is based on a custom protocol 
descrfoed herein. The data transfer is based on block 
transfer, i.a, a block of data is transferred from one end 
to the other end in alternate order. Differences between 
the present invention's protocol and the ISO-7816 
standard protocol are now explained. 

According to the present invention, a unique "VC+ 
Prqtocol Format" is used. In this protocol, each data 
block consists off, for example, a header byte, a length 
byte, and a duplication of the header byta A series off 
information bytes of the size indicated by the value off 
the length byte, and finally a checksum byte, are pro- 
vided. The header byte is used to specify a particular 
one of a plurality of functions. The VC+ portable reader 
device 101 according to the invention supports the fol- 
lowing exemplary functions: receiving a command data 
sequence from an external source and passing it down 
to the IC card for execution; transmitting response data 
after execution of a command from the IC card to an 
external source; and receiving dtsplayable data from an 
external source and the IC card. Of course, a keypad 
data request and response function, a corrvnunication 
status and error information request and response, as 
well as power management functions, are also pro- 
vided. 

The connected mode of operation off the device 
includes two methods of IC card data transfer: pass- 
through and non-pass-through. In pass-through, the 
portable reader device 101 serves as a conduit for the 
data to flow between the IC card and an external 
source. In the second transfer method, non-pass- 
through, the portable reader device 101 will intercept 
the command and response data, and perform some 
operations thereon, e.g., data validation and/or error 
handling, for exampla 

In the ISO-7816 protocol, each data block consists 
of, for example, a prologue (3 bytes long) that includes 
NAD (address) bytes, PCB (status) bytes and LEN 
(lengthy) bytes, an information data section (the size of 
which is specified by the value of the LEN byte), and an 
epilogue (1 or 2 bytes long) that is used as a checksum 
for the whole block. In this protocol, the NAD is used for 
addressing, and the PCB to show the status of the 
transfer. However, this protocol does not offer control of 
other hardware peripherals (ag., LCD or keypad), so its 
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capability is limited. . 

The cable interface 818-820 in a preferred embodi- 
ment is a PCMCIA type low prufie SMT receptacle, 
there being a direct connection to the printed circuit 
board through edge connector fingers 222, with a total 
of four interface pins needed: VCC, RX, TX, and GND. 

The power system in a preferred embodiment uses, 
for example, two CR 2016 lithium coin cell batteries 210 
for powering the internal circuitry. The batteries 210 are 
replaceable by the user through battery tray 204 which 
slides in and out However, power can be supplied by an 
external PC when in the device is operating in the con- 
nected mode, in accordance with so-called smart power 
management 

The cable subsystem includes, in one preferred 
embodiment, RS-232 transceiver circuitry embedded, 
for example, in a module case 802 formed integrally 
with a cable, and provides for a data transfer rate at 
4800 BAUD, for example. The interface also contains 
power circuitry to extract power from the RS-232 port of 
the external PC, for use by the portable reader device 
101. 

Rgs. 9A-9C illustrate an exemplary embocfiment of 
a cable subsystem, i.e., an interface module 600 
according to an embodiment of the invention showing 
typical connector ends 702, 218 and cable 604 therebe- 
tween. The exemplary illustrated system uses as the 
electrical plug 220 a specified 4 pin Molex connector 
(220) to connect the interface port 820 thereby connect- 
ing the portable IC reader device 101 to the interface 
module case 602. Using the same interface port 820, 
the portable reader device 101 can connect to several 
different types of interface modules 600, as will be 
described later. Figs. 9A-9C therefore show just one 
example of the connectors and cable which could be 
used to implement an embodiment of the invention. 

Depending on the communication medium used for 
hooking up the IC card interface system (reader and 
interface module) with an on-line network, for example, 
the circuitry in the interlace module case 602 is 
designed to convert the digital information extracted 
from the IC card and provided by the portable reader 
device 101 into other kinds of signals, such as RF, IRor 
RS232 formats, and vice versa For example, an RS- 
232 (PC) interface module when connected with the 
portable reader device 1 01 , enables the IC card data to 
be transferred to a PC through the PC's RS-232 port, 
and data from the PC can be transferred back to the IC 
card as well. 

Figs. 10 and 10A-10C relate to operation processes 
and will now be descrbed in detail. There are three 
modes of operation for the modular IC card interface 
system. The three operational modes are stan- 
dalone/passive, standalonetective and connected 
mode. Fig. 10 illustrates these three operating modes in 
the form of a state diagram, and Rgs. 10A, 10B and 
10C illustrate the operating mode transitions in flow 
chart form. 



When the portable reader device 101 is not con- 
nected to other systems, i.e., an interface module is not 
engaged, the portable reader device 101 is in a stan- 
dalone mode. Upon powering on the portable reader 

5 device 101, it is in the standalone/passive mode. The 
portable reader device 101 will fetch and display pre- 
defined data from an IC card inserted therein. After the 
data display is finished, or when the display of data is 
interrupted by detection of the pressing of a key press, 

to the portable reader device 101 goes into the stan- 
dalone/active mode. When in the active mode, a user 
can perform various functions on the IC card by using 
the keypad 106K on the portable reader device 1 01 . For 
example, the user can lock or unlock the IC card. 

is When an interface module such as described 
above is engaged, the system goes into the connected 
mode, communication control being from an external 
system. In the case of using an RS-232 interface in 
module case 602, software running in the PC may take 

20 total control over the communication port 

Figure 10 shows the relative transitions of these 
operational modes of the system. In more detail, the 
three modes are explained as follows. In the first mode, 
the standalone/passive mode, the following applies: the 

25 external interface (PC) port and the keypad data entry 
module are not active in this mode. The portable reader 
device 101 provides static (pre-defined) data from the 
IC card on the LCD display 104, i.e., balance, and/or 
traces data from the "purse." This mode is activated 

30 when a power-on button of the portable reader device 
101 is pressed. At this time, the portable reader device 
101 will display the static data on the LCD display 104 
sequentially until it reaches the end of the sequence. 
After reaching the end of the display sequence, the port- 

55 able reader device 101 wiD time out in 2 seconds if no 
key entry is detected during that time. 

In the second mode, the standalonefectrve mode, 
the following applies: the external interface (PC) port is 
not active. Upon power-on, the user can set the portable 

40 reader device 101 to the active mode by interrupting the 
display sequence of the static data by depressing any 
key on the keypad 106K. Once the portable reader 
device 101 is in the active mode, the IC card remains 
activated and, the LCD 104 displays messages to 

45 instruct the user to enter data. The user can select a 
particular function by pressing a function key on the 
portable reader device 101 . The portable reader device 
101 determines the status of the IC Card and performs 
the requested function. At the termination of a particular 

so function, the portable reader device 101 goes back to 
the active mode and waits for another function request. 
When the keypad entry module is idle for more than 15 
seconds, the portable reader device 101 powers down 
the IC card and times out. 

55 In the third mode, referred to as the connected 
mode, the following applies: the external interface (PC) 
port is active, i.e.. when the portable reader device 101 
is connected to the serial port, ag., RS-232 of a PC, 
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through an interface adapter module, it will be in the 
connected mode Instructions and data will be coming in 
and out of the PC. Rower to the portable reader device 
101 may be supplied and controlled by the PC as well. 
Any time-out routine will be handled by the software in 5 
the PC. When the portable reader device 101 is in the 
connected mode, the IC card wiD be able to interact with 
a high level application program in the PC. 

Exemplary applications of the portable reader 
device 101 in each of the three modes can be summa- 10 
rized as follows. 

Standalone/Passive mode: display pre-defined 
data/information from the IC card, command sequence 
and display procedure are masked in the MCU, self- 
start operation upon device power-on, real-time clock is 
(Optional). 

Standalone/Active mode: the user can select spec- 
ified data display from the IC card by making the selec- 
tion through the keypad, IC card locking and unlocking 
by means of the pin presentation, check- 20 
change/ctange-checker functions (described in more 
detail later), IC card data record updating, external data 
transfer into the card, and optional on-board calculation 
functions. 

Connected mode: complex applications designed 2s 
at a high level are translated into command stream and 
sent through the RS-232 port to the IC card, responses 
from the command executions are returned through the 
same path, customized communication protocol pro- 
vides an integrated application environment which uti- 30 
lizes both the LCD and keypad control of the reader, and 
enables the PC to perform home banking applications 
with the IC card. 

Fig. 11 is a high-level process flow chart for an 
embodiment of the invention utilizing the PC interface 35 
system. As illustrated in the process flowchart, a high 
level program for the interface system would operate in 
the following manner. At startup, the program initializes 
the serial port in the PC and establishes a communica- 
tion link through the interface adapter and provides 40 
power to turn on the portable reader device. This also 
sets up the operation mode for the portable reader 
device. After initialization, the program will perform a 
classic command fetch and execute loop. The program 
will fetch a command or control data from the user, 45 
either by using an internal command seque ice or an 
external command sequence entered through the key- 
board. The program builds and sends out a data block 
that conforms to the custom protocol tor the device, 
described above, to the portable reader device 101 . The so 
original command data embedded inside this data block 
will be extracted and processed by the microcontroller 
806 in the portable reader device 101. tf the command 
data is destined for the IC card, the portable reader 
device 101 will send out the command data to the IC ss 
card 810 through the card interface port 808. It then 
waits for the response generated by the command exe- 
cution. For a data block that contains process control 



data. LCD output data, and keypad input request and 
response data, the portable reader device 101 wifl proc- 
ess the request. For either type of data block, the porta- 
ble reader device 101 sends the command response or 
the process status back to the PC upon execution of the 
data block. Once the PC sends out a data block to the 
interface system, it waits for a response. When a 
response is received by the PC, it will be processed. 
Then the program will go and fetch a new command and 
start the cycle again, until termination. The above rou- 
tine is presented solely for the purpose of explaining the 
invention, and other routines could be used within the 
spirit of the invention, as would be recognized by one 
skilled in the art. All proprietary rights in the routines 
described herein are expressly reserved. 

Fig. 12 is a block diagram of an embodiment of the 
invention having an RS-232 PC interface unit 1202, 
including RS-232 transceiver circuitry 1 204, power con- 
tfitioningfcontrol circuitry 1206, and OKI "SmartPort" 
1208 which couples to the PC interface port 820 of port- 
able reader device 101. The unit 1202 connects to an 
external target system, such as a personal computer 
(PC) 1210, via RS-232 standard communications. The 
PC interface unit 1 202 is intended to enable connectivity 
between an IC card and a personal computer (PC). The 
portable reader device 101 provides the interface to the 
IC card 810, while the interface unit 1202 provides the 
interface to the PC system 1210 through an RS-232 
port. The portable reader device 101 is connected with 
the interface unit 1202 through, for example, a 4-pin 
port, e.g., the OKI SmartPort 1208. In such an imple- 
mentation of the invention, IC card commands and data 
are communicated through 1 208 using, for example, the 
customized communication protocol of the invention. 
The illustrated PC interface unit includes the RS-232 
transceiver circuitry 1204 in order to convert signals 
from the SmartPort 1208 to RS-232 compattole signals, 
and includes the power conditioning/control circuitry 
1206 in order to provide power to the portable reader 
device 101 from the PC 1210 while it is operated in the 
connected mode. WHh the PC interface unit 1202 
installed, the portable reader device 101 detects the 
existence of the external interface unit 1202 and 
switches its operation mode to the connected mode, as 
already mentioned. At that point, the PC 1210 will take 
full control of the communication with the portable 
reader device 101. 

To initiate communication with the IC card 810, the 
PC 1210 will, for example, transmit a command to the 
portable reader device 101 to request a Reset of the IC 
card 810. The portable reader device 101 will interpret 
the command it receives from the SmartPort 1208, and 
initiate the Reset of the IC card 81 0. If the Reset of the 
IC card 810 is successful, and the portable reader 
device 101 receives ATR (Answer to Reset) bytes from 
the IC card 810/ it will in turn send an ATR response 
back to the PC. 

As mentioned before, there are two variations of 
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operational method for the system in the connected 
mode: a pass-through method and a non-pass-through 
method. These communication methods and 
sequences are applicable for all the different interface 
systems descrbed herein. The only difference among s 
the several interface systems is the choice of communi- 
cation medium and path. 

Fig. 1 3 is a block diagram of an embodiment of the 
invention having an infra-red (IrDA) interface unit 1302 
which couples to an external target system 1304 via 
infrared signals. The unit 1302 includes a SmartPort 
1306 which couples to the IC card portable reader 
device 101, power control circuitry 1308. UART/MCU 
1310, LCD display 1312, modulation circuit 1314, trans- 
mitter (LED) 1316, receiver (photo-cfiode) 1318, demod- 
ulator 1320, and input module 1322. The IrDA interface 
system 1302 provides signal conversion from cfigrtal 
data coming out of the portable reader device 101 to 
IrDA compatible signals. 

Rg. 1 4 is a block diagram of an embodiment of the 
invention having a radio frequency (RF) interface unit 
1402, including a UART7MCU 1408 which interfaces to 
the portable reader device 101 through SmartPort 
1410, power control circuitry 1402, digital signal proces- 
sor (DSP) 1414, an analog RF block 1416 with power 
amplifier frequency synthesis receiver and filter, and 
transceiver 1418. Communication with the external tar- 
get system 1404 in this case is through radio communi- 
cation between antennas 1406, ag., a cellular network. 
An LCD display 1420 and an input module 1422 are 
also provided. The RF interface system converts cfigrtal 
signals from the portable reader device 101 to an ana- 
log signal from the cfigrtal data signal, and then to an RF 
(modulated) signal for use in transmission through the 
air by way of an antenna 1406. A coaxial RF transmis- 
sion could of course also be implemented if desired. 
Further, any of a variety of known RF techniques could 
be used within the spirit of the invention. 

When the IR (infra-red light) interface module 1302 
or the RF (radio frequency) interface module 1402 is 
used, the modular system enables the IC card data to 
be transferred through an IR or an RF mecfium, respec- 
tively, to the external target device 1404. 

Fig. 1 5 is a block diagram of an embodiment of the 
invention having a modem interface unit 1502, which 
includes SmartPort 1504 coupling the unit to the porta- 
ble reader device 101, power control circuitry 1506, an 
LCD display 1508, an input module 1510, UART/MCU 
1512, a modem chip set 1514, and a transceiver circuit 
1516. The unit couples to a target system through a 
public system telephone network 1518. The modem 
interface system 1502 provides signal conversion from 
digital data signals from the IC card 810 through the 
portable reader device 101 to signals compatible with 
the public system telephone network (PSTN) 151a 

Rg. 16 is a diagram of an embodiment of the inven- 
tion having a modular interface unit 1602 such as one of 
the types previously descrbed, the diagram being for 



showing the three layers of communication protocol: 
Application, Transport and Physical layers. This over- 
view of the VaIueChecker+ modular interface system 
shows a generic interface system 1602 designed 
according to the invention. The block cfiagram also illus- 
trates various connectivity methods for the several 
embodiments of the system, and the trMevel communi- 
cations protocol is specified. A block diagram of the 
portable reader device 101 is also shown in this figure 
as well. 

The invention takes advantage of a modular inter- 
face design as should have been apparent from the pre- 
ceding description. A special command protocol, 
mentioned above, is used with the interface system. 
The command protocol is used to provide a standard- 
ized command syntax for communication between the 
external system 1604 and the MCU 806 in the portable 
reader device 101. 

Below is a detailed description of an exemplary 
command protocol accortfing to an embodiment of the 
invention. 

As was previously mentioned, the command proto- 
col used in the device PC interface is similar to the Type 
1 block transfer protocol in the ISO 7816 part 3. Each 
data block according to the invention has a header, a 
length byte to indicate the total length of the subsequent 
data bytes, and a duplication of the header byte, 
optional data bytes and the final checksum byte that is 
equal to the XOR of all the proceeding bytes within the 
block. All the values for the command block are coded in 
Hex digits. 

There are two modes of IC card (ICC) Command 
and Response data interchange between the portable 
reader device and the host PC. The first mode is the 
pass-through mode. In this mode, the host PC takes 
care of all the block framing, block sequence number 
tracking and error handing. The data sent out from the 
host PC to the portable reader device 101 is the exact 
command data the portable reader device 101 will send 
to the IC card 810. Also, the response resulting from the 
execution of the command wilt be sent back to the host 
PC without any modfication. This mode is intended for 
the situation where the host PC takes direct control over 
the IC card 810. 

The second mode is the non-pass-through mode. 
In this mode, the portable reader device 101 handles 
the command framing, sequence number tracking and 
error handling. The data sent out from the host PC is 
only the raw APDU command bytes, and the portable 
reader device 101 returns only the final response, ag., 
data plus status word, from the command execution to 
the host PC. 

Simplifying change calculations for IC card cash 
purchases is another object of the disclosed invention. 
The solution wiQ now be described in more detail with 
reference to Figs. 17 to 20. 

A personal IC card portable reader device 101 con- 
taining a micro-controller 806 and support circuitry, 
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power supply (batteries 21 0), display 104, IC&mart card 
communications hardware (port 808) and software, and 
a simple keypad 106K, has been described above. The 
portable reader device 101 is constructed so that the 
user's IC card 810 is inserted and stored in a slot 108 in 5 
the portable reader device 101 , and so that the user can 
easily and quickly perform interactions with the data 
stored on the card 810. In the Background and Sum- 
mary sections above, the problem of determining how 
much available value (electronic cash balance) shouk) w 
be left in the IC card 810 after a purchase, has been dis- 
cussed, and a solution summarized. 

Prior to making a purchase, the user would turn on 
the portable reader device 101, whereupon it would 
immediately display the remaining balance on the card is 
(standalone/jpassive mode). At that point, the user can 
push a function button, the "Check-Change" button, to 
start a procedure to calculate the expected remaining 
balance after his anticipated purchase. 

After pushing the "Check-Change" button, the user 20 
enters the amount of the planned purchase using the 
numbered keys followed by the "enter" key. At this point 
the portable reader device will calculate and display the 
expected balance on the card following the purchase. 

Upon completing the purchase and receiving the 2s 
card back from the retailer, the user returns the card to 
his reader device and turns the portable reader device 
on, thereby displaying the remaining balance on the 
card. The user can then easily visually verify that the 
correct purchase amount has been deducted from the 30 
card and the remaining balance is correct Rg. 17 
shows a flow chart for this first operational sequence, a 
first embodiment of a change-checking method accord- 
ing to the invention. Rg. 1 8 is a flow chart for a first alter- 
nate embodiment of a change-checking method 3s 
according to the invention, Rg. 19 is a flow chart for a 
second alternate embodiment of a change-checking 
method according to the invention, and Rg. 20 is a flow 
chart for a third alternate embodiment of a change- 
checking method according to the invention. The 40 
method in Rg. 20 is similar to the method in Rg. 17, 
except that in addition, the device stores the expected 
purchase and original balance amounts, and a valida- 
tion is provided for by pressing the "Check-Change" 
function button to validate the final balance after the as 
purchase, by subtracting the purchase amount from the 
original balance. 

The proposed solution according to an exemplary 
embodiment of the invention offers several distinct 
advantages over using a calculator to determine the so 
expected remaining balance after a purchase. The entry 
for the starting and ending balances of the card is auto- 
matic upon insertion into the reader (standalone/pas- 
sive mode), and does not have to be manually entered 
into a calculator by the user. This not only saves time, ss 
but considerably reduces the chance of error. Further, 
the card rearing function and change calculation func- 
tions are combined into one compact, easy to use unit. 



eliminating the need for separate card reader and calcu- 
lator device. 

Other alternative embodimenls which are consid- 
ered to be within the scope of the invention are now 
mentioned. The solution may also be accomplished with 
simple variations of the above described preferred 
embodiment These include: 

1) Calculating the correct starting balance based on 
the final balance and purchase amount The user 
enters the purchase price based on the final 
remaining balance, and verifies that the calculated 
starting balance matches the original balance 
shown (see Rg. 18). 

2) The IC card reader device stores the starting bal- 
ance and ending balance, and calculates the 
expected purchase value. The user then verifies 
that the expected purchase amount corresponds to 
the actual purchase amount (see Rg. 19). 

3) Alternatively, the portable reader device can be 
made such that the comparisons are made auto- 
matically rather than through activation by the user. 
For instance, the portable reader device stores the 
initial balance in memory, the user enters the 
expected purchase amount and the user makes 
the purchase. When the card is returned to the port- 
able reader device after the purchase, the portable 
reader device reads and records the final card bal- 
ance, and indicates to the user that this ending bal- 
ance is correct (Rg. 20). 

This invention proposes a simple solution to the 
problem of verifying the correct purchase amount and 
expected balance when using IC card/smart card elec- 
tronic cash for purchases. It combines a card reader 
with a keypad in such a way that the user can quickly 
and accurately verify the expected balance on his a her 
card following a purchase. 

Rg. 21 is a schematic diagram for an enixxfiment 
of an interface unit according to the invention and Rg. 
22 is a schematic of an embodiment of the IC card port- 
able reader device 101 According to the invention. 

The portable reader device 101 in the illustrated 
exemplary preferred ernbodirnent is contemplated to 
support only T=0 and T=1 IC cards. However, support 
for other types of memory cards could be added within 
the spirit of the invention. 

The modular IC card interface system can be sum- 
marized as including two basic components, the porta- 
ble reader device 101 and the interface module 600 
(see e.g., Figs. 6, 8 and 12). The portable reader device 
101 includes aD the necessary electrical circuitry to 
interface with an IC card 810, an output module, &g.,a 
liquid crystal display (LCD) 104 for data output display, 
an input module, e.g.. a keypad 104, and an interface 
port 820. The interface port 820 is the same for the port- 
able reader device 1 01 , and all the interface modules to 
which it may be connected to, ag., an RS-232 module 
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802/1202, a modem module 1502, an RF module 1402, 
an IR module 1302, or arty other specialized modules 
which could be useful, such as a printer interface mod- 
ule, for example. By connecting different interface mod- 
ules to the portable reader device 101, the IC card data 
can be transferred through different communication 
channels as required. A specialized command protocol 
is used to provide a common protocol for all the inter- 
face modules regardless of the medium, which wfll be 
described in detail later. 

As mentioned above, according to an exemplary 
embodiment of the inventionrihere are three modes of 
operation, a standalonefcassive mode which provides a 
static data display, a standalone/active mode which 
allows expanded functions, and a connected mode in 
which an external system, ag., a personal computer 
(PC), takes control of the device. 

In the connected mode, power may be supplied 
from external source via the interface module, ag., from 
a PC via the RS-232 interface unit 1202. Further, in the 
connected mode, the LCD 104 and keypad 106K in the 
portable reader device 101, can be controlled by an 
external application program. The interface module 
takes care of signal conversion, and the portable reader 
device 101 does not need adjustment to accommodate 
different interface modules, i.e., a change of interface 
modules is transparent to the portable reader device 
101 for data transfers. 

Uses for the interface include, but are not limited to, 
the following: 

Home Banking with a PC - the user can employ the 
interface system along with a modem-equipped PC to 
download funds from his/her bank account to the IC 
card, or to update the transaction prof ae stored in the IC 
card. 

Access Control - the user can use an IC card to 
gain access to a computer network or another place 
This is accomplished by using the interface system to 
provide a link for authentication data residing in an IC 
card to be validated by an external terminal. 

Data logging - data can be communicated between 
an IC card and a terminal through the interface system, 
enabling various other applications to be implemented. 

It will be apparent to one skiDed in the art that the 
manner of making written description of the preferred 
embodiments, taken together with the drawings. 

It will be understood that the above description of 
the preferred embodiment of the present invention is 
susceptible to various modifications, changes, and 
adaptations, and the same are intended to be compre- 
hended within the meaning and range of equivalents of 
the invention. 

Although the disclosed embodiments relate to pro- 
viding a serial interface, the invention is not limited to 
such, but may also provide a parallel interface as 
required for a particular application. 



Claims 

1. A portable IC card reader device, comprising: 

5 a compact housing, including a portion which 

accommodates at least one battery; 

a keypad, disposed in the housing, having 

numeric keys and function keys; 

a display, disposed in the housing, which dis- 
w plays alpha-numeric characters; and 

electronic circuitry, disposed in the housing, 

interconnecting the keypad and display; 

wherein the electronic circuitry includes 

a micro-controller, an IC card port, and an 
is input/output port; and 

wherein the micro-controller is operative 

to control reading and writing to and from an IC 

card, and to perform functions related to IC 

card transactions. 

20 

2. The reader device according to claim 1, further 
comprising an interface module which couples to 
the input/output port and interfaces the reader 
device with an external device over a communica- 

25 tions medium. 

3. The reader device according to claim 2, wherein the 
interface mocfajte is a serial interface module, the 
module comprising a housing, serial transceiver ctr- 

30 curtry disposed in the housing, a first input/output 
connector which connects to the input/output port 
of the reader device, a cable coupling the connector 
to the transceiver circuitry, and a second input/out- 
put connector which cotples the serial interface 

55 module transceiver to an external device. 

4. The reader device according to claim 3, wherein the 
serial interface module transceiver circuitry com- 
prises RS-232 transceiver circuitry. 

40 

5. The reader device according to claim 3, wherein the 
serial interface module transceiver circuitry com- 
prises infra-red transceiver circuitry. 

45 6. The reader device according to claim 3, wherein the 
serial interface module transceiver circuitry com- 
prises ratio-frequency transceiver circuitry. 

7. The reader device according to claim 3, wherein the 
so serial interface module transceiver circuitry com- 
prises modem circuitry. 

8. A method of operating a portable IC card reading 
device according to claim 1 , comprising: 

55 

rearing a stored value from an IC card when 
the IC card is inserted in the device; 
receiving user input corresponding to an 



12 



23 



EP 0858 046 A2 



24 



amount of a planned purchase; 
automatically calculating and displaying an 
expected balance after the planned purchase; 
and 

after making the planned purchase with the IC 
card, reading a stored value from an IC card 
when the IC card is inserted in the device, and 
displaying the value read. 

9. A method of operating a portable IC card reading 
device according to claim 1 , comprising: 

reading a first stored value from an IC card 
when the IC card is inserted in the device prior 
to being used to make a purchase by a user; 
reacting a second stored value from the IC card 
when the IC card is inserted in the device after 
being used to make the purchase by the user; 
and 

automatically calculating and displaying a pur- 
chase price based on the first and second 
stored values. 

10. A method of operating a portable IC card reading 
device according to claim 1 , comprising: 

reading a first stored value from an IC card 
when the IC card is inserted in the device prior 
to being used to make a purchase by a user; 
receiving user input corresponding to an 
amount of a purchase; 

reading a second stored value from an IC card 
when the IC card is inserted in the device after 
being used to make the purchase by the user; 
and 

automatically verifying the first stored value 
corresponds to the second stored value minus 
the purchase amount 

11. A portable IC card reader device, comprising: 

a compact housing having a form factor sized 
to fit in a shirt pocket or wallet; 
keyed input means for receiving keyed-in user 
input data; 

display means for displaying data to a user; 
IC card reading/writing means for readingAwit- 
ing to/from an IC card; 

processing and control means for processing 
data and controlling operations of the reader 
device; and 

interface means for interfacing the IC card 
reader device with an external device for the 
exchang e of at I east data. 

12. The reader device according to claim 11, wherein 
the display means comprises a liquid crystal display 
device. 



13. The reader device according to claim 11, wherein 
the keyed input means comprises a pin-pad keypad 
having a plurality of keys including numeric and 
function keys. 

5 

14. The reader device according to claim 11, wherein 
the processing means comprises a micro-control- 
ler. 

w 15. The reader device according to claim 11, wherein 
the interface means comprises an input/output port. 

16. The reader device according to claim 15, further 
comprising an interface module which couples to 

is the input/output port and interfaces the reader 
device with an external device over a communica- 
tions medium. 

17. The portable IC card reader device according to 
20 claim 1 , wherein the portion which accommodates 

at least one battery comprises a removable battery 

tray. 

18. The portable IC card reader device according to 
25 claim 1 7, wherein the removable battery tray com- 
prises first and second battery compartments for 
receiving a respective battery therein, and battery 
contacts for connecting batteries received in the 
battery tray to the electronic circuitry of the device. 

30 

19. The reader device according to claim 11, wherein 
the device has a plurality of modes of operation, 
including: 

35 standalone passive mode, wherein the reader 

device is not connected to any adapter and 
simply displays data read from an IC card; 
standalone active mode, wherein the reader 
device is not connected to any adapter, 

40 accepts and responds to user commands input 

on the keyed input means, and interacts with 
an IC card according to the user commands; 
connected pass-through mode, wherein the 
reader device is connected to an adapter, the 

45 adapter is connected to an external host or 

controller device, and the external host or con- 
troller controls the reader device; and 
connected non-pass-through mode, wherein 
the reader device is connected to an adapter, 

so the adapter is connected to an external host or 

controller device, and the reader device per- 
forms some operations independently of the 
external host or controller device. 

55 20. The reader device according to claim 19, wherein 
the device has a communications protocol for com- 
municating with external devices, the protocol pro- 
vides for: 
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communicating with a plurality of cfifferent 
external adapter devices; 
operating in any of said modes of operation; 
handing a plurality of reader operations, 
including IC card interfacing, cfisplay of infor- 
mation on said display means, power manage- 
ment and keypad entry on said keyed entry 
means; and 

communications error handling and status. 

21. In a portable IC card reader device, a printed circuit 
board arrangement comprising: 

a housing having first and second parallel pla- 
nar surfaces; and 

a printed circuit board disposed in the housing, 
including a substrate having a thickness of 
about 0.020 in. (0.5mm), and including a por- 
tion which engages an external connector 
through an opening in the housing; 

wherein the printed circuit board is held 
by the housing at a first position, parallel to and 
between the planar surfaces of the housing, at 
the opening in the housing, and is held at a 
second position different from the first position, 
parallel to the planar surfaces of the housing 
and adjacent to the first parallel planar surface 
of the housing, the printed circuit board having 
a flex region between the first position and the 
second position. 

22. The printed circuit board arrangement accorcfing to 
claim 21, wherein at the first position, the printed 
circuit board extends in a direction substantially 
perpendicular to an edge of the housing at the 
opening in the housing. 

23. The printed circuit board arrangement accorcfing to 
claim 21, wherein the portion which engages the 
external connector comprises four electrical con- 
tacts. 

24. The printed circuit board arrangement accorcfing to 
claim 23, wherein the external connector is a four 
pin molex connector and wherein the portion which 
engages the external connector is adapted to mate 
with a four pin molex connector. 

25. An interface module for a portable IC card reader 
device, comprising: 

a housing; 

serial transceiver circuitry disposed in the 
housing; 

a first input/output connector which connects to 
an input/output port of the portable IC card 
reader; 

a cable coupling the connector to the trans- 



ceiver circuitry; and 

a second input/output port which couples the 
serial interface module transceiver to an exter- 
nal device. 

5 

26. The interface module according to claim 25, 
wherein the serial interface module transceiver cir- 
cuitry comprises RS-232 transceiver circuitry. 

10 27. The interface module according to claim 25, 
wherein the serial interface module transceiver cir- 
cuitry comprises infra-red transceiver circuitry. 

2a The interface module according to claim 25, 
15 wherein the serial interface module transceiver cir- 
cuitry comprises radio-frequency transceiver cir- 
cuitry. 

29. The interface module according to claim 25. 
so wherein the serial interface module transceiver cir- 
cuitry comprises modem circuitry. 

30. A method of operating a portable IC card reading 
device .comprising: 

reading a stored value from an IC card when 
the IC card is inserted in the device; 
receiving user input corresponding to an 
amount of a planned purchase; and 
so calculating and displaying an expected balance 

after the planned purchase. 

31. The method according to claim 30, further compris- 
ing: 

35 

after making a purchase with the IC card, read- 
ing a stored value from the IC card when the IC 
card is inserted in the device, and displaying 
the value read. 

40 

32. A method of operating a portable IC card reading 
device, comprising: 

reading a first stored value from an IC card 
45 when the IC card is inserted in the device prior 

to being used by a user to make a purchase; 
reacGng a second stored value from the ICcard 
when the IC card is inserted in the device after 
being used by a user to make the purchase; 
so and 

calculating and displaying a purchase price 
based on the first and second stored values. 

33. A method of operating a portable IC card reading 
55 device, comprising: 

reading a first stored value from an IC card 
when the IC card is inserted in the device prior 
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to being used by a user to make a purchase; 
receiving user input corresponding to an 
amount of a purchase; 

reading a second stored value from the tC card 
when the IC card is inserted in the device after 
being used by a user to make the purchase; 
and 

verifying the first stored value corresponds to 
the second stored value minus the purchase 
amount 

34. A portable modular IC card interface system, com- 
prising: 

a compact portable personal IC card reader; 
and 

a plurality of different interface modules. 

35. The system of claim 34, wherein the reader corn- 



interact with an IC card based on the user 
input; and 

wherein in the connected mode, the 
reader device operates either interactively or 
s passively with an external device to interface 

the external device to an IC card. 

39. The system of claim 38, wherein, when in the con- 
nected mode, the external device can control the 
10 reader keypad and display, and can control an IC 
card inserted in the reader. 



40. The system of claim 39, wherein the system uses a 
common communications protocol that facilitates 
communications with the external device through 
any one of the plurality of Afferent interface mod- 
ules through the interface port 
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a housing; 

IC card interlace circuitry and hardware; 

a user keypad; 

a user information display; 

an interface port for connecting the reader to 

the plurality of (Efferent interface modules; and 

an internal power source. 

36. The system of claim 34, wherein the plurality of dif- 
ferent interface modules include: 

an RS232 interface module; 

an infra-red interface module; 

a telephone network interface module; and 

a radio-frequency interface modula 

37. The system of claim 34, wherein the system uses a 
communications protocol that facilitates communi- 
cations with the plurality of different interface mod- 
ules through the interface port. 

38. The system of claim 34, wherein the system has a 
plurality of operating modes, the modes including: 

standalone passive mode; 
standalone active mode; and 
connected mode; 

wherein, when the reader is not con- 
nected to an external device through any of the 
plurality of different interface modules, the 
reader operates in the standalone passive 
mode or the standalone active mode; 

wherein, in the standalone passive 
mode, the reader operates to display data from 
an IC card to a user; 

wherein in the standalone active mode, 
the reader operates to receive user input and 
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41. The system of claim 40, wherein the protocol com- 
prises a data block having at least three fields, the 
fields comprising" 

a header and length information field; 
an optional information/data field; and 
a checksum field. 



42. The system of claim 41, wherein the header and 
length information field comprises a function/com- 
mand, wherein length data indicates the presence 

30 of and size of data associated with the com- 
mand/function. 

43. The system of claim 42, wherein the function/com- 
mand comprises at least one of a display control 

35 command; a keypad entry control, status, and refer- 
ence inquiry; and IC card communication. 

44. The system of claim 34, wherein the plurality of dif- 
ferent interface modules provide for communication 

40 at a plurafity of baud rates. 

45. The system of claim 34, wherein power can be pro- 
vided to the reader through any one of the plurality 
of different interface modules. 
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@ Data processing system. 

@ The memory area within an electronic token of the 'smart 
card* type comprising a processor (4), memory (7, 8, 9) and 
input/output means (5) is divided into an execute only region 
and a non-volatile read/write region. 

A method of loading an applications program is described in 
which the program is loaded into a portion of the read/write 
region by software methods and In which the application 
program may be altered if the use of the card alters. 
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Description 

Data processing 

This invention relates to a data processing system 
of the type comprising one or more portable 
electronic tokens, each comprising processing 5 
means, memory means and input/output means and 
one or more fixed read/write terminals, and in 
particular but not exclusively it relates to such a 
system as is disclosed in United Kingdom published 
patent application number GB2173623A, which is 10 
incorporated herein by reference. 

Transactions between such tokens, often known 
as 'smart cards' and the read/write terminals are 
performed under the control of software, known as 
applications software, residing in both the card and 15 
the terminals. The algorithms implemented by the 
applications software in the card generally deter- 
mines in full the operation of the card. Convention- 
ally, the application software is embedded into the 
card at manufacture and is contained within a ROM 20 
such that it can not be altered. Each ROM is 
therefore designed with a particular program and. 
application in mind and to change the ROM, and 
hence the use of the card, necessitates a consider- 
able expenditure and time and requires new masks 25 
to be made. 

The present invention arose from the need to 
produce a card, the software within which is 
relatively easily changeable to satisfy each different 
- application of the card. 30 

According to the present invention in a first aspect 
there Is provided a method of loading software into a 
portable electronic token of the type comprising 
processing means, memory means and input/output 
means and adapted for interaction with a read/write 35 
terminal, wherein the memory means comprises an 
execute only or read only memory region and a 
non-volatile read/write region, which method com- 
prises operativefy coupling the token and terminal, 
interchanging messages, under control of an opera- 40 
ting system stored in the execute or read only 
region, between the token and terminal to check 
whether the token and terminal are authorised, and, 
only if authorisation is established; loading a pro- 
gram code adapted to form an application program 45 
into a portion of the read/write memory region; 
establishing a partition between the loaded applica- 
tion program and the remainder of the read/write 
memory region, thus leaving the remainder of the 
read/write region free for data storage. 50 

In a preferred embodiment, the token is adapted 
to interact with the terminal by inductive coupling 
and such coupling is used to load the applications 
software. 

The position of the partition can be varied 55 
dependent upon the envisaged uses of the token. 
The application software will then remain within the 
electronic token even when it is not operatrvely 
coupled to a terminal, until it is wished to load a new 
program. 60 

Advantageously, the execute only memory region 
may Include within it software such that after 
applications software has been loaded into the 



System 

read/write region, checked and tested, the software 
routine alters, by means of software or hardware, the 
circuitry within the token such that the applications 
program is permanently stored within the token and 
may not be removed or altered by means of the 
loading procedure described above. 

In a second aspect the invention provides an 
electronic system comprising portable electronic 
token comprising processing means, memory 
means and input/output means and a read/write 
terminal for interacting with the token, wherein the 
memory means and input/output means a read/write 
terminal for interacting with the token, wherein the 
memory means comprises an execute only or Read 
only memory region and a non-volatile read/write 
memory region and wherein applications software is 
stored in a variable size portion of the read/write 
region. 

The Read/write region may be an E 2 PROM, 
battery-barked RAM or any other appropriate non- 
volatile Read/Write memory. 

Embodiments of the invention will now be de- 
scribed by way of example only with reference to the 
accompanying drawings in which, 

Figure 1 shows in block form elements of the 
electronic token and coupler embodying the 
present invention and 

Figure 2 shows the arrangement of memory 
areas within the token. 

Referring to Figure 1 the general arrangement of 
an electronic token or card system is shown. A host 
computer 1 which may be a personal computer (PC) 
is connected to a coupler unit 2. This unit is arranged 
to inductively couple with a portable electronic 
token, shown here as card 3. This is a small 
hand-held token, perhaps of credit-card sized 
proportion. Coupling between the card and coupler 
is achieved inductively by means of modulated fields, 
as is described in the aforementioned British patent 
application no. GB2173623A. Card 3 comprises a 
micro-processor 4 of any convenient type, a Re- 
ceive/Transmit circuit 5 and power supply means 6 
which may either be an on board battery or, more 
preferably, means for tapping off power which is 
inductively coupled from the coupler 2. The card 
further includes a memory region which Is divided, 
according to the invention, into three areas; an 
operating system area 7, applications program 
area 8 and data storage area 9. Operating system 
area 7 is of execute only type and areas 8 and 9 are 
of non volatile read/write memory, and may for 
instance be E 2 ROM or battery-backed RAM. 

Operating system, application program and data 
storage may occupy adjacent areas of memory 
within one integrated circuit The microprocessor 
and memory may be embodied in a single integrated 
circuit 

The coupler 2 comprises a demodulator 10 and 
modulator 11 for processing modulated signals 
received or transmitted after amplification by ah 
amplifier 12. Unmodulated signals, either after 
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demodulation or before modulation are fed to or 
from suitable communication lines of host computer 
1. 

The loading procedure for such a system will now 
be described. Upon power up i.e. operatively 
coupling the card 3 and coupler 2, the microproces- 
sor 4 begins to execute instructions residing in the 
operating system. As stated above, in the preferred 
system the memory portion storing the operating 
system is execute only and will be set upon 
manufacture. The data within it can be neither read 
nor written to by any application program. Embodi- 
ments of the invention are however envisaged in 
which this region is Read only. An initialisation 
sequence follows, an 'answer to reset* character Is 
issued and then a loading routine begins. The card 
waits to receive a message to indicate that it is in 
communication with the loading terminal, which in 
this case is coupled to an host computer 1. If the 
card receives a suitable message before a defined 
time period has elapsed, an interchange of mess- 
ages between host computer 1 and the card takes 
place and these messages are used by the card to 
check whether authorised software is being used 
within the host computer 1. Such authorisation 
procedures will be well known to those skilled in the 
art and can be used to prevent a card being 
programmed by means other than that defined by 
the card manufacturer or user. For instance, coded 
messages could be exchanged, and authentication 
or encryption processes using shared secret keys 
may be implemented. If the card has been satisfied 
that the loader, i.e. host computer 1, is authorised, 
the card will clear its application memory before 
receiving a sequence of executable codes which are 
arranged to form the new application programme. 
This code is then stored in the application pro- 
gramme area 8 of the card. Finally, the software 
within the card is used to establish a partition 
between the applications program area 8 and 
remainder of the read/write memory region to 
establish a data storage area 9, in which data 
relevant to the intended uses of the card can be 
stored and altered as desired. 

The partitioning can be established by any suitable 
means. Typically, the partition may be established by 
having a pointer in memory which points to each 
address in turn as the applcations software is 
loaded, byte by byte. Once this software is loaded, 
the final byte addressed by the pointer can be stored 
in a register, and, when data Is subsequently stored, 
by means of a WRITE COMMAND, this register is 
accessed and used to provide a suitable address, In 
the allowed region, which is encoded in a header 
transmitted with the data. 

The memory areas of the card are shown in 
Figure 2 where one example is shown having a total 
memory capability of 8 k bytes. This value may of 
course be varied as desired. Once the partition 
mentioned above has been established, then the two 
memory regions 8 and 9 are set up, although, as 
shown in figure 2, the exact memory requirements 
may vary and be movable dependent upon the 
particular applications program, and memory re- 
quirements for data storage. 



After the initial programming stage, the card may 
be removed from the terminal and will retain the 
applications program. When the card is subse- 
quently powered up and does not receive a "loading" 

5 message after issuing its answer to reset, the 
operating system within the card directs the micro- 
processor to commence execution of which ever 
application program is held within its memory. 
Should a card not be satisfied of the authenticity 

10 of a loading station, it will not load a new application 
program and will hart execution. 

The loading function within the card can also be 
disabled by an applications program. Once an 
application program has been downloaded, de- 

15 bugged and tested, ft is often desirable that the 
card's function be fixed for the remainder of its life. 
This can be easily achieved by a slight modification 
to the application program such that it calls a routine 
held within the operating system which serves to 

20 remove a software or hardware link, disabling the 
loading routine. 



25 Claims 



1. A method of loading software into a 
portable electronic token (1) of the type 

30 comprising processing means (4), memory 

means (7,8,9) and input/output means (5) and 
adapted for interaction with a read/write termi- 
nal (2), wherein the memory means comprises 
an execute only or Read only memory region (7) 

35 and a non-volatile read/write region (8,9), which 

method comprises operatively coupling the 
token and terminal, interchanging messages, 
under control of an operating system stored in 
the execute or Read only region, between the 

40 token and terminal to check whether the token 

and terminal are authorised, and, only If authori- 
sation is established; loading a program code 
adapted to form an application program into a 
portion of the read/write memory region and 

45 establishing a partition between the loaded 

application program and the remainder of the 
read/write memory region, thus leaving the 
remainder of the read/write region free for data 
storage. 

50 2. A method as claimed In claim 1 wherein 

control of the token is subsequently passed to 
the application program after appropriate auth- 
orisation is established. 

3. A method as claimed in claim 1 or claim 2 
55 wherein the token Is adapted to interact with the 

terminal by inductive coupling and such coup- 
ling is used to load the applications software. 

4. A method as claimed in any of the 
preceding claims wherein the execute only 

60 memory region includes software adapted to 

alter the software or hardware of the token after 
an applications program has been loaded such 
that the applications program cannot be 
removed or altered. 

65 5. An electronic system comprising a port- 



3 



5 0 292248 6 

able electronic token (1 ) comprising processing 
means (4), memory means (7,8.9) and input/ 
output means (5) and a read/write terminal (2) 
for interacting with the token, wherein the 
memory means comprises an execute only or 5 
Read only memory region (7) and a non-volatile 
read/write memory region (8,9) and wherein 
applications software is stored in a variable size 
portion (8) of the read/write region. 

6. A system as claimed in claim 5 wherein the 10 
read/write region is an E 2 PROM. 

7. A system as claimed in claim 5 wherein the 
read/write region is a battery-backed ROM. 
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) Verfahren zur gegenserttgen Authentiffkation von elektronischen Partnern mit einem Rechnersystam 

) Bai dem Verfahren zur gegenseitfgen Authentffikation 
oines elektronischen Partners (CC) nach tier "Chalenge and 
Response'-Methode mtt einem System (S) vtfrd zur Authen- 
tffikation des Systems (S) gegenuber dam elektronischen 
Partner (CC) von dem System (S) auf der Basis der von dem 
elektronischen Partner (CC) gelleferten zwerten Zufallszahl 
(RNC) und einem Geheimcode (OFFSET), der ausschlieSlich 
dem System (S) und dem elektronischen Partner (CC) 
bekannt ist, mitteis eines SchlGsseis (K) sin Varschlusset- 
ungsergebnis errechnet, das an den elektronischen Partner 
(CC) zurQckgesandt wird. Der eiektronische Partner (CC) 
arrechnet seinerselts auf der Grundlage sbenfalts der Zu- 
fallszahl (RNC) und dem Geheimcode (OFFSET) sowie dem 
Schlussel (K) eln Verschlusselungsergebnis. Erst dann, wenn 
dlase beiden Verschlusselungsergebnisse uberefnstimmen, 
gift das System (S) gegenuber dem elektronischen Partner 
(CC) sis authantisch. 
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Beschreibung nischen Partner weiter, der daraus — als Teil seiner 

Authentifikationsprozedur gegeniiber dem System — in 

Die Erfindung betrifft ein Verfahren zur gegenseiti- oben beschriebener Weise das bendtigte Verschlussel- 
gen Authentifikation eines elektronischen Partners nach ungsergebnis berechnet und es an das simulierte System 
der "Challenge and Response" Methode mit einem Sy- 5 flbertrigt Das simulierte System reicht dieses Ergebnis 
stem gemaB dem Oberbegriff des Anspruchs 1, wie z. B. (das mithin von einem elektronischen Partner erzeugt 
aus DE 41 38 861 Al bekannt worden ist, der der gleichen Gruppe von Identitltskenn- 

Um Zugang zu einem System zu erhalten, muB haufig grdBen gehdrt und damit fiber den gleichen SchlQssel 
die Berechtigung zu diesem Zugang nachgewiesen wer- verf Qgt) zum ersten elektronischen Partner weiter, der 
den. Andererseits muB sich auch das System eindeutig 10 es mit dem selbst errechneten Ergebnis vergleicht und 
als echt zu erkennen geben, um eineh mdglichen Betrug die Authentizitlt des simulierten Systems feststellt Der 
durch ein simuliertes System auszuschlieBea Um dies zu zweite elektronische Partner wird durch Obertragung 
gewahrleisten, wurde die sogenannten "Challenge and einer Fehlermeldung vom simulierten System abgewie- 
Response'-Methode entwickelt sea 

Bei dieser Methode schickt zunSchst das System eine 15 In DE 41 38 861 Al wird zwar gezeigt, wie eine Simu- 
Zufallszahl an den elektronischen Partner. Dieser ver- lation des Systems in betrQgerischer Absicht zu verhin- 
schlfisselt diese Zufallszahl mit einem VerschlQsselungs- dem ist; dabei wird jedoch die Eingangspramisse, nam- 
algorithmus sowie einem SchlQssel und sendet das Er- lich, daB alien elektronischen Partner einer Gruppe die 
gebnis gemeinsam mit einer IdentitatskenngrdBe zu- gleiche IdentitatsgrtBe und damit der gleiche SchlQssel 
rQck an das System. Mittels eines nur dem System be- 20 zugeordnet wird, durch die Einf finning einer individuel- 
kannten Verfahrens errechnet das System aus der Iden- len ZusatzidentitatskenngrdBe verletzt Diese individu- 
titatskenngrdBe den SchlQssel und errechnet ebenfalls elle ZusatzidentitatskenngrdBe ist im elektronischen 
das Ergebnis, das sich mit Hilfe des Verschlfisselungsal- Partner festabgespeichert 

gorithmus aus der Zufallszahl und dem SchlQssel ergibt Die der vorliegenden Erfindung zugrundeliegende 
Stimmt das vom elektronischen Partner gesendete Er- 25 Aufgabe ist es nun, bei mehrfacher Verwendung einer 
gebnis mit dem vom System errechneten fiberein, gilt gemeinsamen IdentitatskenngrdBe fQrmehrere elektro- 
der elektronische Partner als authentisch. nische Partner, die gleichzeitig an ein System ange- 

Zur Authentisierung des Systems gegenQber dem schlossen sein kdnnen, eine Simulation des Systems in 
elektronischen Partner wird der oben beschriebene betrQgerischer Absicht zuverhindern. 
Vorgang mit vertauschten Rollen nochmals durchge- 30 Diese Aufgabe wird erfindungsgemaB durch die im 
fQhrt Der elektronische Partner sendet eine Zufallszahl Patentanspruch 1 angegebenen Merkmale geldst, und 
zum System, das System verschlusselt diese Zufallszahl zwar ohne Verletzung der oben genannten Pramisse. 
anhand des Verschlusselungsalgorithmus und des ihm Vorteilhafte Ausgestaltungen des erfindungsgemaBen 
bereits bekannten SchlQssels und sendet das Ergebnis Verfahrens sind jeweils in den UnteransprQchen aufge- 
zumVergleich an den elektronischen Partner. 35 ffihrt 

Der SchlQssel ist demnach Iediglich beim elektroni- Nach der Erfindung wird der zusatzlich vergebene 
schen Partner gespeichert, wahrend das System diesen Geheimcode jedesmal erzeugt, wenn er zur Authentifi- 
SchlQssel immer wieder neu nach einem nur dem Sy- kation des Systems gegenQber dem elektronischen Part- 
stem bekannten Verfahren unter Zugrundelegen der ner bendtigt wird, wobei es grundsatzlich denkbar ist, 
IdentitatskenngrdBe des elektronischen Partner erzeu- 40 daB bei jeder Generierung ein anderer Geheimcode 
gen muB. Diese IdentitatskenngrdBe wird wahrend der entsteht Damit kann die Eingangspramisse, daB eine 
Initialisierungsphase (Personalisierung), ah. vor dem Gruppe elektronischer Partner mit gleicher Zugriffs- 
erstmaligen Betrieb des Systems gemeinsam mit den bzw. Zugangsberechtigung mit Ausnahme der Identi- 
elektronischen Partnern, ffir die elektronischen Partner tatskenngrdBe keine weiteren Individualisierungskenn- 
festgelegt Dabei erscheint es haufig sinnvoU, ganzen 45 daten, insbesondere keine die elektronischen Partner 
Gruppen von elektronischen Partnern die gleiche Iden- dieser Gruppe untereinander unterscheidenden Indivi- 
titatskenngrdBe und damit auch den gleichen SchlQssel dualisierungskenndaten aufweisen, beibehalten werdea 
zuzuordnea um den elektrischen Partnern einer Grup- ErfindungsgemaB wird der Geheimcode mit der vom 
pe die gleichen Zugriffs- und Zugangsrechte zu einem elektronischen Partner Qbermittelten Geheimzahl ma- 
elektronischen Medium zu verleihea 50 thematisch verknQpft Dabei stellt der Geheimcode ein 

Aufgrund dieser Praxis ergibt sich aber ffir einen Be- Geheimnis dar, das Iediglich einem elektronischen Part- 
trQger die Mdglichkeit, das System bei dessen Authenti- ner und nach Versendung dem System bekannt ist 
fikation gegenQber dem elektronischen Partner zu si- Durch die erfindungsgemaBe Erweiterung des Chal- 
mulierea Voraussetzung ist Iediglich, daB zwei elektro- lenge Response Protokolls kann in vorteilhafter Weise 
nische Partner mit gleicher IdentitatskenngrdBe anna- 55 fur jeden einzelnen elektronischen Partner ein Aus- 
hernd gleichzeitig auf das System zugreifen woUea Die tausch von Zufallszahlen mit dem System erreicht wer- 
Simulation des Systems kann dann auf folgende Weise den, so daB danach zweifelsfrei sowohl die Identitat des 
durchgefQhrtwerdea elektronischen Partners als auch die Identitat des Sy- 

Das simulierende System sendet eine Zufallszahl zum stems feststeht, ohne daB dies durch die quasi zeitglei- 
ersten elektronischen Partner, dieser verschlusselt die eo che Anmeldung eines weitern elektronischen Partners 
Zufallszahl in oben beschriebener Weise und sendet das gefahrdet ware. 

Ergebnis gemeinsam mit der IdentitatskenngrdBe zum Damit kann im Faile der Zusammenfassung von elek- 
simulierenden System. Dieses bestatigt die Richtigkeit tronischen Partnern in Gruppen mit identischen Identi- 
des Ergebnisses, ohne es wirklich QberprQft zu haben, tatskenngrdBen einer betrQgerischen Simulation des Sy- 
woraufhin der erste elektronische Partner seine Zufalls- « stems gegenQber einem elektronischen Partner erfolg- 
zahl zum simulierten System sendet Dieses reicht die reich begegnet werdea 

soeben empfangene Zufallszahl an einen ebenfalls gera- Nachfolgend werden anhand der Zeichnung AusfQh- 
de auf das System zugreifen wollenden zweiten elektro- rungsbeispiele der Erfindung naher erlautert Im einzel- 



DE 195 23 466 CI 



nen zeigen: 

Fig. 1 bis 3 alternative AusfQhrungsbeispiele des er- 
ftndungsgemafien Verfahrens und 

Fig. 4 den Verf ahrensablauf bei simuliertem System. 

Im folgenden wird anstelle des Begriffes "elektroni- 
scher Partner", der fQr ein beliebig ausgeformtes elek- 
tronisches Ger&t mit den Flhigkeiten einer Chipkarte 
stent, der Begriff "Chipkarte* verwendet 

Am linken Rand der Fig. 4 ist symbolisch eine erste 
Chipkarte CC1 und am rechten Rand symbolisch eine 
zweite Chipkarte CC2 gezeigt Zwischen den beiden 
Chipkarten CC1, CC2 ist symbolisiert durch ein Recht- 
eck ein simuliertes System SS abgebildet Zu einem be- 
stimmten Zeitpunkt wird beispielsweise durch Einstek- 
ken der ersten Chipkarte CO in ein Kartenlesegerat die 
erste Chipkarte CC1 mit dem simutierten System SS 
verbunden. Die erste Chipkarte CO Qbertrcigt an das 
simulierte System SS eine Anmeldeinformation LOG. 
Daraufhin QbertrSgt das simulierte System SS eine erste 
Zufallszahi RNS zur ersten Chipkarte CC1. Diese ver- 
schlQsselt anhand des VerschlQsselungsalgorithmus V 
und des in der Karte gespeicherten SchlQssels K die 
erste Zufallszahi RNS. Das VerschlQsselungsergebnis V 
(K, RNS) und die in der ersten Chipkarte CO gespei- 
cherte Identitatsnummer ID werden zum simulierten 
System SS Qbertragea Das simulierte System SS Qber- 
tragt ein Quittungssignal OK an die erste Chipkarte 
CO. Die erste Chipkarte CO interpretiert das Quit- 
tungssignal OK so, als ware der Authentifizierungspro- 
zeB der ersten Chipkarte CO gegenQber dem simulier- 
ten System SS erfolgreich verlaufen. Deshalb sendet die 
erste Chipkarte CO zur AuthentizitStsprQfung des si- 
mulierten Systems SS eine zweite Zufallszahi RNC zum 
simulierten System SS. 

Wird nun gleichzeitig oder annahernd gleichzeitig ei- 
ne zweite Chipkarte CC2, beispielsweise durch Ein- 
schieben in ein weiteres Kartenleseger&t mit dem simu- 
lierten System SS verbunden, so ergibt sich fur den Fall, 
daB die zweite Chipkarte CC2 die gleiche Identitats- 
kenngr68e ID wie die erste Chipkarte CO hat die fol- 
gende Situation: Zuntchst meldet sich auch die zweite 
Chipkarte CC2 durch Obertragen einer Anmeldeinfor- 
mation LOG beim simulierten System SS an. Das simu- 
lierte System SS reicht nun die von der ersten Chipkarte 
CO empfangene zweite Zufallszahi RNC an die zweite 
Chipkarte CC2 weiter. Die zweite Chipkarte CC2 ver- 
schlQsselt die durchgereichte Zufallszahi RNC mit Hilfe 
des VerschlQsselungsalgorithmus V und des Schlussels 
K und gibt das VerschlQsselungsergebnis V (K, RNC) 
und die IdentitfUsnummer ID zum simulierten System 
SS. zurQck. Das simulierte System SS verfQgt nun fiber 
das zur Authentifikation gegenQber der ersten Chipkar- 
te CO erforderliche VerschlQsselungsergebnis V (K, 
RNC) und QbertrHgt dieses zur ersten Chipkarte CO. 
Die gegenseitige Authentifikation zwischen erster Chip- 
karte CO und simuliertem System SS ist damit erfolg- 
reich abgeschlossen. Die zweite Chipkarte CC2 erhait 
ein negatives Quittungssignal F und wird damit abge- 
wiesen. 

In Fig. 1 bis 3 wird nun aufgezeigt, wie die oben be- 
schriebene Authentifikation eines simulierten und damit 
unberechtigten Systems SS gegenQber einer Chipkarte 
CC wirksam verhindert werden kana 

Dazu wird das Protokoll so abgeindert, daB bei der 
Authentifikation des Systems S gegenQber dem elektro- 
nischen Partner CC ein zusitzlicher Geheimcode OFF- 
SET (nachfolgend auch geheime Zahl genannt), der dem 
elektronischen Partner CC zum Zeitpunkt der Initiali- 



sierung und dem System S zum Zeitpunkt der Authenti- 
fikation bekannt ist, verwendet werden kann. Der Ge- 
heimcode OFFSET ist jedoch fur alle elektronischen 
Partner mit derselben Identitatskenngrdfie gleich. 
5 Auf die Challenge des elektronischen Partners CC 
(Senden der Zufallszahi RNC) reagiert das System 
durch Senden des verschlQsselten Wertes von RNC plus 
OFFSET. 

Der relevante Geheimcode OFFSET wird entweder 

io dem System S vom elektronischen Partner als Teil sei- 
ner Response auf die Challenge des System (siehe 
Fig. 1) oder in einem zus&tzlichen Protokollschritt ver- 
schlQsselt Qbermittelt, der zwischen der Authentifika- 
tion des elektronischen Partners CC und der Authentifi- 

15 kation des Systems liegt, dem System verschlQsselt vom 
elektronischen Partner CC Qbermittelt (siehe Fig. 2) 
oder der die geheime Zahl OFFSET wird bereits zum 
Zeitpunkt der Initialisierung mit einem geheimen Ver- 
fahren F2 aus der IdentitltskenngrdBe ID berechnet 

20 und analog zum SchlQssel K beim elektronischen Pan- 
ner CC gespeichert, wobei der Geheimcode OFFSET im 
Zuge der Authentifikation des Systems S vom System S 
aus der QbermitteJten IdentifttsgrdBe mittels des gehei- 
men Verfahrens F2 jeweils neu berechnet wird (siehe 

25 Fig.3). 

Die gegenseitige Authentifikation zwischen Chipkar- 
te CC und System S veriauft dann in Fig. 1 wie folgt: 
Die Chipkarte CC Qbertr&gt eine Anmeldeinformation 
LOG an das System S. Das System S erzeugt eine Zu- 

30 fallszahl RNS und Gbertragt diese an die Chipkarte CC 
Die Chipkarte errechnet aus dem SchlQssel K und der 
Zufallszahi RNS ein VerschlQsselungsergebnis V (K, 
RNS). Aufierdem bestimmt die Chipkarte den spater zu 
verwendenden OFFSET und errechnet aus dem SchlQs- 

35 sel K und der geheimen Zahl OFFSET das VerschlQssel- 
ungsergebnis V (K, OFFSET). Gemeinsam mit der Iden- 
titltskenngrdBe ID werden diese beiden Werte zum Sy- 
stem S Qbertragen, Das System S errechnet aus der 
IdentitltskenngrdBe ID mit Hilfe des festgelegten Ver- 

40 fahrens Fl den SchlQssel K. Das System S berechnet 
ebenfails das VerschlQsselungsergebnis V (K, RNS) und 
vergleicht es mit dem in der Chipkarte errechneten und 
zum System S Qbertragenen VerschlQsselungsergebnis 
V (K, RNS). Bei positivem Vergleichsergebnis Qbertragt 

45 das System S ein positives Quittungssignal OK an die 
Chipkarte CC Aufierdem bestimmt das System mit Hil- 
fe von K die geheime Zahl OFFSET. Nach Empfang des 
Quittungssignals OK sendet die Chipkarte CC eine Zu- 
fallszahi RNC zum System S. Das System S addiert zu 

so dieser Zufallszahi RNC den Wert des OFFSET und ver- 
schlQsselt das Ergebnis der Addition. Das VerschlQssel- 
ungsergebnis V (K, [RNC+OFFSETD wird zur Chip- 
karte CC Obertragen und dort analog QberprQft Bei 
positivem Vergleichsergebnis sendet die Chipkarte CC 

55 ein positives Quittungssignal OK zum System S. Die 
gewQnschte Anwendung ist damit freigegeben. 

Die gegenseitige Authentifikation zwischen Chipkar- 
te CC und System S veriauft dann in Fig. 2 wie folgt: 
Die Chipkarte CC Qbertnlgt eine Anmeldeinformation 

60 LOG an das System S. Das System S erzeugt eine Zu- 
fallszahi RNS und GbertrSgt diese an die Chipkarte CC 
Die Chipkarte errechnet aus dem SchlQssel K und der 
Zufallszahi RNS ein VerschlQsselungsergebnis V (K, 
RNS). AuBerdem bestimmt die Chipkarte den spater zu 

65 verwendenden Geheimcode OFFSET und errechnet 
aus dem SchlQssel K und dem Geheimcode OFFSET das 
VerschlQsselungsergebnis V (K, OFFSET). 
Das VerschlQsselungsergebnis V(K, RNS) wird zu- 
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sammen mit der Identit&tskenngrdBe zum System S 
Qbertragen. Das System S errechnet aus der Identitats- 
kenngrdBe ID mit Hiife des festgelegten Verfahrens Fl 
den SchlOssel K. Das System S berechnet ebenfalls das 
VerschlQsseiungsergebnis V (K, RNS) und vergleicht es 5 
mit dem in der Chipkarte errechneten und zum System 
S Qbertragenen VerschlQsseiungsergebnis V (K, RNS). 
Bei positivem Vergleichsergebnis Qbertragt das System 
S ein positives Quittungssignal OK an die Chipkarte CC 
Daraufhin Qbertragt die Chipkarte CC das schon be- 10 
rechnete VerschlQsseiungsergebnis V(K, OFFSET) zu- 
sammen mit der IdentitdtsgrdBe ID. Das System quit- 
tiert wieder mit OK. Nach Empfang des zweiten Quit- 
tungssignals OK sendet die Chipkarte CC eine Zufalls- 
zahl RNC zum System S. Das System S addiert zu dieser 15 
Zufallszahl RNC den Wert der geheimen Zahl OFFSET, 
den das System aus dem empfangenen Wert V(K, OFF- 
SET) berechnet hat und verschlQsselt das Ergebnis der 
Addition. Das VerschlQsseiungsergebnis V (K, 
[RNC + OFFSET]) wird zur Chipkarte CC Qbertragen 20 
und dort analog QberprOft Bei positivem Vergleichser- 
gebnis sendet die Chipkarte CC ein positives Quittungs- 
signal OK zum System S. Die gewQnschte Anwendung 
ist damit freigegeben. 

In Fig. 3 wird davon ausgegangen, da£ der Geheim- 2s 
code OFFSET bereits zum Zeitpunkt der Initialisierung 
mit einem geheimen Verfahren F2 aus der Identit&ts- 
kenngrdBe ID berechnet und analog zum SchlOssel K 
beim elektronischen Partner CC gespeichert wurde. 

Die gegenseitige Authentiflkation zwischen Chipkar- 30 
te CC und System S verlauf t dann in Fig. 3 wie folgt: 
Die Chipkarte CC Qbertragt eine Anmeldeinformation 
LOG an das System S. Das System S erzeugt eine Zu- 
fallszahl RNS und Qbertragt diese Chipkarte CC Die 
Chipkarte errechnet aus dem SchlOssel K und der Zu- 35 
fallszahl RNS ein VerschlQsseiungsergebnis V (K, RNS) 
welches zusammen mit der Identit&tskenngrd&e ID zum 
System S Qbertragen. Das System S errechnet aus der 
Identit&tskenngrd&e ID mit Hilfe des festgelegten Ver- 
fahrens Fl den SchlOssel K Das System S berechnet 40 
ebenfalls das VerschlQsseiungsergebnis V (K, RNS) und 
vergleicht es mit dem in der Chipkarte errechneten und 
zum System S Qbertragenen VerschlQsseiungsergebnis 
V (K, RNS). Bei positivem Vergleichsergebnis Qbertragt 
das System S ein positives Quittungssignal OK an die 45 
Chipkarte CC 

Nach Empfang des Quittungssignals OK sendet die 
Chipkarte CC eine Zufallszahl RNC zum System S. 

Das System berechnet aus der vorher Qbertragenen 
Identit&tsgrdBe ID und aus dem geheimen Verfahren F2 50 
den Geheimcode OFFSET, addiert diesen Wert zur 
empfangenen Zufallszahl RNC und verschlQsselt das Er- 
gebnis der Additioa Das VerschlQsseiungsergebnis V 
(K, [RNC -h OFFSETD wird zur Chipkarte CC Qbertra- 
gen. Die Chipkarte CC addiert zur gesendeten Zufalls- 55 
zahl RNC den in der Chipkarte gespeicherten Geheim- 
code OFFSET und fQhrt die Verschlusselung dieser Ad- 
dition mit dem SchlOssel K durch und vergleicht das 
Ergebnis mit dem vom System S empfangenen Wert 
V(K, [RNC+OFFSETD. Bei positivem Vergleichser- 60 
gebnis sendet die Chipkarte CC ein positives Quittungs- 
signal OK zum System S. Die gewQnschte Anwendung 
ist damit freigegeben. 

PatentansprQche & 

1. Verfahren zur gegenseitigen Authentication ei- 
nes eine IdentititskenngrdBe aufweisenden elek- 



tronischen Partners und eines Systems, auf das eine 
Vielzahl von elektronischen Partnern zugreifen 
darf, von denen jeweils mehrere gleichberechtigt in 
Gruppen mit gleicher Identitatskenngrd&e zusam- 
mengefafitsind, 

— bei dem zur Authentiflkation des elektroni- 
schen Partners (CQ gegenQber dem System 
(S) 

— das System (S) eine erste Zufallszahl 
(RNS) an den elektronischen Partner (CC) 
sendet, 

— der elektronische Partner (CQ die er- 
ste Zufallszahl (RNS) mittels eines SchlQs- 
sels (K) verschlQsselt und das VerschlQs- 
seiungsergebnis zusammen mit der Iden- 
titltskenngrdQe (ID) an das System (S) zu- 
rQcksendet, 

— das System (S) zunachst anhand der 
Identitatskenngrdfie (ID) den SchlOssel 
(K) ermittelt und anschlie&end mittels die- 
ses SchlQssels (K) aus der ersten Zufalls- 
zahl (RNS) ein VerschlQsseiungsergebnis 
errechnet, 

— das System das vom elektronischen 
Partner (CC) erhaltene VerschlQsseiungs- 
ergebnis und das selbst errechnete Ver- 
schlQsseiungsergebnis vergleicht, wobei 
bei Gleichheit beider VerschlQsselungser- 
gebnisse der elektronische Partner (CC) 
gegenQber dem System (S) als authentisch 
gilt, 

— und bei dem zur Authentication des Sy- 
stems (S) gegenQber dem elektronischen Part- 
ner (CC) 

— der elektronische Partner (CC) eine 
zweite Zufallszahl (RNC) an das System 
(S) sendet, 

— das System (S) die zweite Zufallszahl 
(RNC) mittels des anhand der Identitats- 
kenngrdBe (ID) des elektronischen Part- 
ners (CQ ermittelten SchlQssels (K) ver- 
schlQsselt und das VerschlQsseiungsergeb- 
nis an den elektronischen Partner (CC) 
sendet, 

— der elektronische Partner (CQ anhand 
der zweiten Zufallszahl (RNC) und des 
SchlQssels (K) ein VerschlQsseiungsergeb- 
nis errechnet und 

— der elektronische Partner (CQ das 
von dem System (S) erhaltene VerschlQs- 
seiungsergebnis und das selbst errechnete 
VerschlQsseiungsergebnis vergleicht, wo- 
bei bei Gleichheit beider VerschlOssel- 
ungsergebnisse das System (S) gegenQber 
dem elektronischen Partner (CQ als au- 
thentisch gilt, 

dadurch gekennzeichnet, 

— dafi bei der Authentiflkation des Systems 
(S) gegenQber dem elektronischen Partner 
(CQ 

— das System (S) sein VerschlQsseiungs- 
ergebnis auf der Basis eines ledigiich dem 
System (S) und dem elektronischen Part- 
ner (CQ bekannten erzeugten Geheimco- 
des (OFFSET) und der vom elektroni- 
schen Partner (CC) erhaltenen zweiten 
Zufallszahl (RNC) mittels des SchlQssels 
(K) errechnet und an den elektronischen 
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Partner (CQ sendet, wobei der Geheim- 
code (OFFSET) mit der vom elektroni- 
schen Partner (CQ gesendeten zweiten 
Zufallszahi (RNQ in dem System (S) ma* 
thematisch verknQpft win), 5 

— der elektronische Partner (CQ sein 
VerschlOsselungsergebnis auf der Basis 
des Geheimcodes (OFFSET) und der 
zweiten Zufallszahi (RNQ errechnet und 

— der elektronische Partner (CQ das 10 
von dem System (S) erhaltene VerschlOs- 
selungsergebnis mit dem selbst errechne- 
ten VerschlOsselungsergebnis vergleicht, 
wobei bei Gleichheit beider Verschlflssel- 
ungsergebnisse das System (S) gegenflber ts 
dem elektronischen Partner (CC) als au- 
thentischgilt 

Z Verfahren nach Anspruch 1, dadurch gekenn- 
zeichnet, dafi der Geheimcode (OFFSET) dem Sy- 
stem (S) insbesondere in mittels des Schlfissels (K) 20 
verschlflsselter Form bei der Authentifikation des 
elektronischen Partners (CQ gegenuber dem Sy- 
stem (S) Obermittelt wird 

3. Verfahren nach Anspruch 1, dadurch gekenn- 
zeichnet, dafi der Geheimcode (OFFSET) dem Sy- 25 
stem (S) insbesondere in mittels des Schlfissels (K) 
verschlQsselter Form nach der Authentifikation des 
elektronischen Partners (CQ gegenQber dem Sy- 
stem (S) tlbermittelt wird 

4. Verfahren nach Anspruch 1, dadurch gekenn- 30 
zeichnet, dafi der Geheimcode (OFFSET) zum Zeit- 
punkt der Initialisierung des elektronischen Part- 
ners (CQ aus dessen Identititskenngrdfie (ID) be- 
rechnet und im elektronischen Partner (CQ gespei- 
chert wird und dafi der Geheimcode (OFFSET) fur 35 
die Authentifikation des Systems (S) gegenQber 
dem elektronischen Partner (CQ aus dessen Identi- 
tatskenngrdfie (ID) neu berechnet wird. 

5. Verfahren nach einem der AnsprQche 1 bis 4, 
dadurch gekennzeichnet, dafi der Geheimcode 40 
(OFFSET) zu der vom elektronischen Partner (CQ 
gesendeten zweiten Zufallszahi (RNQ in dem Sy- 
stem (S) hinzuaddiert wird 

6l Verfahren nach einem der Ansprfiche 1 bis 5, 
dadurch gekennzeichnet, dafi der Geheimcode 45 
(OFFSET) durch einen Zufallsgenerator erzeugt 
wird 

7. Verfahren nach einem der Ansprfiche 1 bis 6, 
dadurch gekennzeichnet, dafi der elektronische 
Partner (CQ eine Chipkarte ist 50 
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Q5650716 **Image available** 
PROCESSOR FOR PREPAID IC CARD 

PUB. NO. : 09-265516 (JP 9265516 A] 

PUBLISHED: October 07, 1997 (19971007) 
INVENTOR(s) : NISHIOKA MITSURU 

APPLICANT (s) : TOSHIBA CORP [000307] (A Japanese Company or Corporation), JP 
(Japan) 

APPL. NO. : 08-076201 [JP 9676201] 
FILED: March 29, 1996 (19960329) 

INTL CLASS: [6] G06K-017/00; A63F-007/02; G07F-007/08; G07F-007/12 
JAPIO CLASS: 4 5.3 (INFORMATION PROCESSING — Input Output Units); 29.4 
(PRECISION INSTRUMENTS — Business Machines); 30.2 
(MISCELLANEOUS GOODS — Sports & Recreation) 

ABSTRACT 

PROBLEM TO BE SOLVED: To prevent a secret key, etc., from being leaked, or 
stolen and illegally used, or illegal use through an alteration of a 
subtracting machine, etc., by registering collation data from a 2nd IC 
card in a handling means, and judging the propriety of a 1st IC card 
which has operation data enabling normal operation on the basis of the 
collation data. 

SOLUTION: An operator inserts a registration card into equipment. When the 
inserted card is a registered and 'rewriting' is permitted by setting and 
data are not registered, the equipment side perform mutual 

authentication for confirming the propriety of the card. When the result 
is OK, an inputted password code is matched so as to confirm the propriety 
of the user, and then the registered data beings to be read for the 1st 
time after OK is obtained. When the password number is NG, data are not 
outputted even if a read of the data from the card is tried. The data which 
are thus read out are stored in the memory in the equipment and used for 
subsequent equipment operation. After it is confirmed that the data are 
normally recorded in the memory, the card is ejected. 
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ABSTRACT : 

Proton World International of Belgium, a major smart card organization, 
announced it would distribute a version of its electronic purse based on 
the Java Card API, or application programming interface. 

Proton started as part of the Banksys payment system consortium in Belgium. 
It has 30+ million electronic purse cards operating on its system in 15 
countries. The company said its Java e-purse would be included in the next 
generation of multiple-application cards. 

A second firm, Bull Group of France, established a joint venture with a 
national research institute to work on developing open-standards-based 
microprocessor cards, with Java key among those standards. 

Known as Trusted Logic, the new venture is to research, develop, and sell 
sophisticated levels of security, prove their workability in electronic 
banking and other fields, and perhaps profit further by licensing 
intellectual property. 

TEXT: 

By JEFFREY KUTLER 

Two major smart card organizations in Europe have given Sun Microsystems 
Inc. 1 s Java language a boost. 

Proton World International of Belgium said it would distribute a version of 
its electronic purse based on the Java Card API, or application programming 
interface. The e-purse applet will be easily linked to' other services on a 
smart card, such as ticketing and loyalty, Proton said. 

In France, Bull Group formed a joint venture with a national research 
institute to develop open-standards-based microprocessor cards, with Java 
key among those standards. 

The new venture, Trusted Logic, is to research, develop, and sell 
sophisticated levels of security, prove their workability in electronic 
banking and other fields, and perhaps profit further by licensing 
intellectual property. 

These moves, announced last week, may say more about the smart card 
industry ! s desire for technical common denominators than about Java 
specifically. The Java Card specification is vying with Multos, which is 
associated with the Mondex smart card system, and with Microsoft Corp. f s 
Smart Cards for Windows. Each lays claim to being an open framework that 
invites innovation. 



But with the Microsoft entry in the market for less than half a year, and 
with Multos still fending off criticism that it is more proprietary than 
open, Java seems to be taking advantage of its relative maturity. The 
language itself is about four years old and well suited to Internet 
transactions, including the remote loading of applets-small software 
applications-or other data onto smart cards. 

Proton officials have long expressed support for Java, a position 
reinforced last year when Visa International, a Java partisan, took an 
equity interest in the Brussels-based smart card company. 

Dominique Bolignano, chairman of Trusted Logic, said advances in 
theoretical technology and programming languages are accelerating just as 
"demand is developing significantly" for smart card systems in mobile 
phones, payment terminals, and elsewhere. "The catalyst for this change 
will be Java," he said. 

The Java Card API dates to 1996. Its 2.0 version followed in October 1997, 
and 2.1 enhancements came out in October 1998. 

Visa embraced Java for its Visa Open Platform program. Proton World-co- 
owned by American Express Co., Banksys of Belgium, ERG Ltd. of Australia, 
and Interpay of the Netherlands-bills itself as a "strategic business 
partner" of the Java Card Forum, which has a strong hand in setting the 
technical specifications. Forum members include major chip card 
manufacturers and International Business Machines Corp., Citibank, and 
National Westminster Bank of London. Natwest invented Mondex and later sold 
most of its shares to MasterCard International and about two dozen 
financial institutions around the world. 

Proton, which began as part of the Banksys payment system consortium in 
Belgium and has more than 30 million electronic purse cards operating on 
its system in 15 countries, said its Java e-purse would be incorporated 
into the next generation of multiple-application cards. 

The stored-value program will "remain at the cutting edge of smart card 
technology through this important new development with Sun, 11 said Yves 
Moulart, Proton World's executive vice president of research and 
development. 

Patrice Peyret, director of Sun Microsystems 1 consumer and embedded 
division in California, said Proton on the Java Card API "enriches the 
selection of financial services available" for Java smart cards. 

"Proton World is a leader in the deployment of secure smart card technology 
worldwide," Mr. Peyret said. "This applet demonstrates Sun ! s continuing 
efforts to work with strategic associates to make Java Card the premier 
solution for multi-application smart cards." 

Trusted Logic-the result of collaboration between Bull Smart Cards and 
Terminals and INRIA, the French National Institute for Research in Computer 
Science and Control-will be applying a mathematical technique, formal 
proof, to bolster smart cards' ability to withstand security threats. 

Formal proof is a requirement of Common Criteria, a set of internationally 
recognized security standards on which microprocessor and data security 
vendors, among others, are seeking to be rated. 

"With the arrival of open platforms such as Java, guaranteeing and proving 
security has become essential," said Christian Goire, a Bull executive, who 
also serves as chairman of Java Card Forum. "I am delighted with the 



creation of Trusted Logic, since it corresponds to the needs expressed by 
the forum 1 s strategic partners in the banking and telecom sectors." 

Bernard Larrouturou, chairman of INRIA, said, "Fifteen years of research 
will now be applied to the fast-expanding market of smart cards, a market 
where European manufacturers, in particular Bull, are the world leaders." 
He said Bull and INRIA "have made great headway in terms of research and 
its subsequent marketability, and, thanks to Dominique Bolignano, (this) 
led to the creation of a high-tech company." 

David Levy, managing director of Bull Smart Cards and Terminals, said a 
desire to expand in the field of open systems such as Java motivated Bull's 
participation in Trusted Logic. The efforts with formal proof "will play an 
essential role in demonstrating the security of future smart card 
applications," he said. "Bull thus strengthens its position as No. 1 in the 
field of security." That claim is likely to be disputed, but it indicates 
that security is becoming a competitive battleground. 

IBM, which does joint Java Card development with Gemplus of France, made a 
recent deal with Philips Semiconductors to pursue chips that can pass 
muster with Common Criteria or with the related ITSEC methodology- 
Information Technology Security Evaluation Criteria. 

Mr. Peyret said "Sun is very enthusiastic about the arrival of Trusted 
Logic in the microprocessor card software industry. It goes to show that 
open systems such as Java favor new actors with new services." 

He praised "Trusted Logic's key actors" for past contributions to the 
development of Java Card API and said "their know-how in this domain should 
give them an excellent start." 

u 

Bull Smart Cards and Terminals said it has demonstrated a system for 
loading value onto smart card chips via mobile telephone. 

The system is based on Sun Microsystems Inc.'s Java technology and can be 
used in phones with two card slots conforming to the GSM, or Global System 
for Mobile communications, standard. 

Bull's major chip card rivals, including Gemplus and Schlumberger, have 
also been developing remote commerce applications for GSM phones. The 
market for chip-based SIM cards-subscriber identity modules required to 
authenticate users of those phones-is one of the most active in the smart 
card industry. 

The demonstration this month involved a Bull Rock'n Tree SIM card in one 
phone slot, and a Proton electronic purse card in the other. With a call to 
a bank's e-purse server, the phone plays the role of a reloading terminal. 

Bull said that through its SIM Rock'n Lab, such applications can be 
"developed in record time, even by users with no knowledge of the Java 
language . " 

Copyright 1999 Thomson Information Services Inc. 
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OF ELVIS AND SMART CARD SIGHTINGS 



Soon, only one will be an American myth 

These days in the United States, smart cards are a lot like spotting Elvis. Everyone in America keeps talking about his being 
in supermarkets, subways and banks-but have you really seen the King of Rock-n-Roll lately? 

Yeah, me neither. 

Everywhere from Scientific American to USA Today, articles on smart cards are proclaiming them to be the latest and 
greatest. The marketing hype is there, but where are the cards? Indeed, market development in the United States will take at 
least two more years. Industry participants, however, are gearing up for what may be in several years a billion-dollar 
American market. Add into that equation Latin America and the Asia-Pacific regions, where smart card markets are picking 
up speed, and we're talking about potential market revenues of several billion dollars. Smart cards are a substitute for some 
traditional automatic identification technologies in several applications-but where and how and why? 

Stacking up smart cards against other technolog ies 

Smart cards have three key characteristics compared to other technologies: 
Increased data storage and computational capacity. 
Increased security that can handle open systems. 
Offline transaction-handling capability 

In all three areas, neither magnetic stripe nor bar code technologies are comparable to smart cards. While magnetic stripe 
and bar code systems may have password protection procedures, the data carrier itself does not have built-in security. When 
France Telecom moved from magnetic stripe cards to smart cards for its prepaid phone card application, fraud costs were 
cut by 50%. 

RF/ID trends in increased data storage and security capacities make them more competitive to smart cards than magnetic 
stripes or bar codes. Contactiess smart cards, however, possess a significantly higher data transfer rate than RF/ID tags: 
100 Kbits/second versus 4 Kbits/second, respectively RF/ID tags, however, do have the advantage of a longer read/write 
distance (up to 3 feet versus the 4 inches of a contactiess smart card). Still, a contactiess smart card can be an ideal choice 
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.for RF/to target markets such as transportation and security access. 

Moreover, a unique characteristic of smart cards which propels their growth in developing countries is their ability to handle 
of Dine transactions. Online systems such as ATMs or EFTPOS demand access to a central host or database to perform 
transactions. Hence, for countries such as China, which has three main telephone lines per 100 inhabitants, or Brazil, which 
has seven main lines per 100 inhabitants, ATMs and prepaid public phone cards are not practical Smart cards provided 
these countries an opportunity to acquire traditional online systems without the infrastructure investment cost. For this 
reason, smart cards are taking off in Latin America and the Asia-Pacific region. 

The price is right-per byte 

The increased performance of smart cards, however, also brings a higher price tag-or does it? On the surface, a smart card 
costs quite a bit more per unit-more than twice its nearest competitor, the RF/ID tag. Yet, m terms of a price/memory 
performance ratio, smart cards remain highly competitive. Indeed, in regards to RF/ID tags, smart cards cost approximately 
81 % less per data storage byte. 

Moreover, in the next three to five years, smart cards will be an even greater bargain as average selling prices drop further. 
Since 1993, the average selling price of a smart card has dropped approximately 15% annually, and industry participants do 
not expect prices to bottom out soon. None of the price levels of the other technologies is likely to decline as dramatically; in 
fact, magnetic stripe and bar code price levels are likely to remain flat. Consequently, with increasing chip capabilities and 
decreasing prices, smart cards will offer increasingly better performance at lower prices. 

How smart cards make the fit 

Still, the basic fact is that smart cards in the future will still cost mote than magnetic stripe or bar code technologies. Indeed, 
in certain applications smart cards will not be likely substitutes for other technologies because the degree of the application- 
technology fit is too low. Inventory tracking, for example, may not require a smart card's increased data storage or security 
features. 

Smart cards, however, have a very high degree of application-technology fit for applications which either need a high level of 
security or must handle an immense amount of data. The GSM (global system for mobile communications) application is a 
good example. A type of wireless communication platform, GSM competes actively against cellular networks as a service 
choice. Analysts estimate that in the United States, cellular fraud costs service providers up to $1 .5 million a day. On the 
other hand, the GSM platform incurs minimal fraud losses due to a subscriber identity module (SIM), which is provided by a 
smart card as a means of user authentication. 

In terms of an application taking advantage of a smart card's increased data storage, multi-application system environments 
are excellent examples. Using a contactless smart card, the Transcard program in Sydney, Australia, integrates public 
transport, retail and banking applications in an open-system environment. While two individual RF/ID and magnetic stripe 
systems might have served the project requirements, such investment expenditures could not have been shared among the 
various service providers. The contactless smart card represented a single-time technology investment. 

Elvis or the smart card? 

The bottom line is that, as selling prices of smart cards decline further and faster than other Auto. ID technologies, the 
technology moves from just being commercially viable to being a commercial bargain in terms of price and performance. 
Smart cards offer a business case that is hard to ignore. As increasing numbers of businesses implement them in the next 
two to three years, you will be more likely to see a smart card in use than Elvis alive at Comdex. 
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What do smart cards and Elvis have in common? Everyone keeps saying they're here, but have you seen either one?? That wiil change as 

\the prices of smart cards continue to tumble and their security is seen. 
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